CVE-2024-44114

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

2.7LOW

EPSS

0.1%

top 75.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server FOR Abap AND Abap Platform SAP Netweaver Application Server Abap

Timeline

PublishedSep 10

Description

SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:NExploitability: 0.5 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_application_server_for_abap_and_abap_platform13 versions+12

▶NVDsap/netweaver_application13 versions+12

Patches

Patch: url.sap ↗

🔴Vulnerability Details

CVEList

Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform↗2024-09-10

▶

GHSA

GHSA-4xpj-prjw-rc6p: SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network↗2024-09-10

▶