4.1
CVE-2024-37180
- EPSS 0.04%
- Published 09.07.2024 05:15:12
- Last modified 21.11.2024 09:23:22
- Source cna@sap.com
- Teams watchlist Login
- Open Login
Under certain conditions SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access remote-enabled function module with no further authorization which would otherwise be restricted, the function can be used to read non-sensitive information with low impact on confidentiality of the application.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorSAP_SE
≫
Product
SAP NetWeaver Application Server for ABAP and ABAP Platform
Default Statusunaffected
Version
SAP_BASIS 700
Status
affected
Version
SAP_BASIS 701
Status
affected
Version
SAP_BASIS 702
Status
affected
Version
SAP_BASIS 731
Status
affected
Version
SAP_BASIS 740
Status
affected
Version
SAP_BASIS 750
Status
affected
Version
SAP_BASIS 751
Status
affected
Version
SAP_BASIS 752
Status
affected
Version
SAP_BASIS 753
Status
affected
Version
SAP_BASIS 754
Status
affected
Version
SAP_BASIS 755
Status
affected
Version
SAP_BASIS 756
Status
affected
Version
SAP_BASIS 757
Status
affected
Version
SAP_BASIS 758
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.125 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| cna@sap.com | 4.1 | 2.3 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.