CVE-2024-41734

CWE-862 — Missing Authorization3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.4%

top 41.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server Abap AND Abap Platform SAP Netweaver Application Server Abap

Timeline

PublishedAug 13

Description

Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_application_server_abap_and_abap_platform15 versions+14

▶NVDsap/netweaver_application15 versions+14

🔴Vulnerability Details

GHSA

GHSA-45m2-f9mw-223r: Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying tran↗2024-08-13

▶

CVEList

Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform↗2024-08-13

▶