4.3
CVE-2024-41734
- EPSS 0.18%
- Published 13.08.2024 05:15:13
- Last modified 12.09.2024 13:28:03
- Source cna@sap.com
- Teams watchlist Login
- Open Login
Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Netweaver Application Server Abap Versionsap_basis_700
SAP ≫ Netweaver Application Server Abap Versionsap_basis_701
SAP ≫ Netweaver Application Server Abap Versionsap_basis_702
SAP ≫ Netweaver Application Server Abap Versionsap_basis_731
SAP ≫ Netweaver Application Server Abap Versionsap_basis_740
SAP ≫ Netweaver Application Server Abap Versionsap_basis_750
SAP ≫ Netweaver Application Server Abap Versionsap_basis_751
SAP ≫ Netweaver Application Server Abap Versionsap_basis_752
SAP ≫ Netweaver Application Server Abap Versionsap_basis_753
SAP ≫ Netweaver Application Server Abap Versionsap_basis_754
SAP ≫ Netweaver Application Server Abap Versionsap_basis_755
SAP ≫ Netweaver Application Server Abap Versionsap_basis_756
SAP ≫ Netweaver Application Server Abap Versionsap_basis_757
SAP ≫ Netweaver Application Server Abap Versionsap_basis_758
SAP ≫ Netweaver Application Server Abap Versionsap_basis_912
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.397 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| cna@sap.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.