8.5
CVE-2024-54198
- EPSS 0.25%
- Veröffentlicht 10.12.2024 01:15:06
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle cna@sap.com
- CVE-Watchlists
- Unerledigt
Information Disclosure vulnerability through Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP
In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely compromise the remote service, potentially resulting in a significant impact on the confidentiality, integrity, and availability of the application.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSAP_SE
≫
Produkt
SAP NetWeaver Application Server ABAP
Default Statusunaffected
Version
KRNL64NUC 7.22
Status
affected
Version
7.22EXT
Status
affected
Version
KRNL64UC 7.22
Status
affected
Version
7.53
Status
affected
Version
KERNEL 7.22
Status
affected
Version
7.54
Status
affected
Version
7.77
Status
affected
Version
7.89
Status
affected
Version
7.93
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.481 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@sap.com | 8.5 | 1.8 | 6 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-914 Improper Control of Dynamically-Identified Variables
The product does not properly restrict reading from or writing to dynamically-identified variables.