CVE-2024-41734

Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability.
References
Link Resource
https://me.sap.com/notes/3494349 Permissions Required
https://url.sap/sapsecuritypatchday Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_700:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_701:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_702:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_731:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_740:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_750:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_751:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_752:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_753:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_754:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_755:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_756:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_757:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_758:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_912:*:*:*:*:*:*:*

History

12 Sep 2024, 13:28

Type Values Removed Values Added
CPE cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_740:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_755:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_758:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_757:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_751:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_754:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_752:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_912:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_750:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_731:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_753:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_702:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_756:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_700:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_701:*:*:*:*:*:*:*
First Time Sap netweaver Application Server Abap
Sap
Summary
  • (es) Debido a la falta de verificación de autorización en SAP NetWeaver Application Server ABAP y ABAP Platform, un atacante autenticado podría llamar a una transacción subyacente, lo que conduce a la divulgación de información relacionada con el usuario. No hay ningún impacto en la integridad o la disponibilidad.
References () https://me.sap.com/notes/3494349 - () https://me.sap.com/notes/3494349 - Permissions Required
References () https://url.sap/sapsecuritypatchday - () https://url.sap/sapsecuritypatchday - Vendor Advisory

13 Aug 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-13 05:15

Updated : 2024-09-12 13:28


NVD link : CVE-2024-41734

Mitre link : CVE-2024-41734

CVE.ORG link : CVE-2024-41734


JSON object : View

Products Affected

sap

  • netweaver_application_server_abap
CWE
CWE-862

Missing Authorization