6.3
CVE-2024-33005
- EPSS 0.07%
- Published 13.08.2024 04:15:07
- Last modified 12.09.2024 14:39:03
- Source cna@sap.com
Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. This could lead to a low impact on confidentiality and a high impact on the integrity and availability of the applications.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Netweaver Abap Version kernel_7.22
SAP ≫ Netweaver Abap Version kernel_7.53
SAP ≫ Netweaver Abap Version kernel_7.54
SAP ≫ Netweaver Abap Version kernel_7.77
SAP ≫ Netweaver Abap Version kernel_7.85
SAP ≫ Netweaver Abap Version kernel_7.89
SAP ≫ Netweaver Abap Version kernel_7.93
SAP ≫ Netweaver Abap Version krnl64nuc_7.22
SAP ≫ Netweaver Abap Version krnl64nuc_7.22ext
SAP ≫ Netweaver Abap Version krnl64uc_7.22
SAP ≫ Netweaver Abap Version krnl64uc_7.22ext
SAP ≫ Netweaver Abap Version krnl64uc_7.53
SAP ≫ Netweaver Java Version kernel_7.22
SAP ≫ Netweaver Java Version kernel_7.53
SAP ≫ Netweaver Java Version kernel_7.54
SAP ≫ Netweaver Java Version kernel_7.77
SAP ≫ Netweaver Java Version kernel_7.85
SAP ≫ Netweaver Java Version kernel_7.89
SAP ≫ Netweaver Java Version kernel_7.93
SAP ≫ Netweaver Java Version krnl64nuc_7.22
SAP ≫ Netweaver Java Version krnl64nuc_7.22ext
SAP ≫ Netweaver Java Version krnl64uc_7.22
SAP ≫ Netweaver Java Version krnl64uc_7.22ext
SAP ≫ Netweaver Java Version krnl64uc_7.53
SAP ≫ Content Server Version kernel_7.22
SAP ≫ Content Server Version kernel_7.53
SAP ≫ Content Server Version kernel_7.54
SAP ≫ Content Server Version kernel_7.77
SAP ≫ Content Server Version kernel_7.85
SAP ≫ Content Server Version kernel_7.89
SAP ≫ Content Server Version kernel_7.93
SAP ≫ Content Server Version krnl64nuc_7.22
SAP ≫ Content Server Version krnl64nuc_7.22ext
SAP ≫ Content Server Version krnl64uc_7.22
SAP ≫ Content Server Version krnl64uc_7.22ext
SAP ≫ Content Server Version krnl64uc_7.53
SAP ≫ Web Dispatcher Version kernel_7.22
SAP ≫ Web Dispatcher Version kernel_7.53
SAP ≫ Web Dispatcher Version kernel_7.54
SAP ≫ Web Dispatcher Version kernel_7.77
SAP ≫ Web Dispatcher Version kernel_7.85
SAP ≫ Web Dispatcher Version kernel_7.89
SAP ≫ Web Dispatcher Version kernel_7.93
SAP ≫ Web Dispatcher Version krnl64nuc_7.22
SAP ≫ Web Dispatcher Version krnl64nuc_7.22ext
SAP ≫ Web Dispatcher Version krnl64uc_7.22
SAP ≫ Web Dispatcher Version krnl64uc_7.22ext
SAP ≫ Web Dispatcher Version krnl64uc_7.53
SAP ≫ Web Dispatcher Version webdisp_7.22_ext
SAP ≫ Web Dispatcher Version webdisp_7.53
SAP ≫ Web Dispatcher Version webdisp_7.54
SAP ≫ Web Dispatcher Version webdisp_7.77
SAP ≫ Web Dispatcher Version webdisp_7.85
SAP ≫ Web Dispatcher Version webdisp_7.89
SAP ≫ Web Dispatcher Version webdisp_7.93
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.07% | 0.208 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 6.3 | 0.8 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H |
cna@sap.com | 6.3 | 0.8 | 5.5 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H |
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.