CVE-2024-41728

Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects.

CVSS v3 2.7 LOW

2.7^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3496410	Permissions Required
https://url.sap/sapsecuritypatchday	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:netweaver_application_server_abap:700:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:701:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:702:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:731:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:740:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:750:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:751:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:752:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:753:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:754:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:755:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:756:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:757:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:758:::::::*
	cpe:2.3:a:sap:netweaver_application_server_abap:912:::::::*

History

16 Sep 2024, 14:14

Type	Values Removed	Values Added
References	~~() https://me.sap.com/notes/3496410 -~~	() https://me.sap.com/notes/3496410 - Permissions Required
References	~~() https://url.sap/sapsecuritypatchday -~~	() https://url.sap/sapsecuritypatchday - Patch
CPE		cpe:2.3:a:sap:netweaver_application_server_abap:750:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:912:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:702:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:753:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:740:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:754:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:751:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:755:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:757:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:701:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:700:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:752:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:756:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:758:::::::* cpe:2.3:a:sap:netweaver_application_server_abap:731:::::::*
First Time		Sap netweaver Application Server Abap Sap

10 Sep 2024, 12:09

Type	Values Removed	Values Added
Summary		(es) Debido a la falta de verificación de autorización, SAP NetWeaver Application Server para ABAP y ABAP Platform permite que un atacante que haya iniciado sesión como desarrollador lea objetos incluidos en un paquete. Esto afecta la confidencialidad, ya que, de lo contrario, el atacante no tendría acceso para ver estos objetos.

10 Sep 2024, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-10 04:15

Updated : 2024-09-16 14:14

NVD link : CVE-2024-41728

Mitre link : CVE-2024-41728

CVE.ORG link : CVE-2024-41728

JSON object : View

Products Affected

sap

netweaver_application_server_abap

CWE

CWE-862

Missing Authorization

2.7 /10