CVE-2024-41734

{"id": "CVE-2024-41734", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2024-08-13T05:15:13.587", "references": [{"url": "https://me.sap.com/notes/3494349", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability."}, {"lang": "es", "value": "Debido a la falta de verificaci\u00f3n de autorizaci\u00f3n en SAP NetWeaver Application Server ABAP y ABAP Platform, un atacante autenticado podr\u00eda llamar a una transacci\u00f3n subyacente, lo que conduce a la divulgaci\u00f3n de informaci\u00f3n relacionada con el usuario. No hay ning\u00fan impacto en la integridad o la disponibilidad."}], "lastModified": "2024-09-12T13:28:03.450", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_700:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB7909F4-1D66-4C4F-95F3-34ACB0190DB8"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_701:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8310EBA-2438-427F-80C2-BE151E35D97D"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_702:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "732E155D-C866-4F0E-BC86-037B94308B7D"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_731:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "035EDBAC-C29B-49DB-ACEE-CA64750E7290"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_740:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFD1A272-9FD0-426F-AF7D-5A8D7CF4A4BE"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_750:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05BE37AE-1CC3-4A84-BC9A-B353747B9151"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_751:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78B1673C-7EF7-4658-91EE-A5BFFDD068B6"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_752:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A69E6E2-46AD-4973-8F39-500D34D50570"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_753:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15141B2A-8186-454F-BC4D-6BF07420C899"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_754:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50137ED8-017E-4D0C-ADB4-8FD227301371"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_755:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "021DE052-25C3-49DF-B2AD-BF9D28B1CAD4"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_756:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFAA63CF-0FD5-4568-A88C-82AD97A14EFF"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_757:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17767460-94A3-443D-8D60-3607D3A894D6"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_758:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63B654DB-8E10-422A-94B5-42F9D4EAB10F"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_912:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CC51692-5E94-4678-99B0-4EC1D633DDF8"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}