cve-2024-41734
Vulnerability from cvelistv5
Published
2024-08-13 04:18
Modified
2024-08-13 14:38
Severity ?
EPSS score ?
Summary
Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform
References
▼ | URL | Tags | |
---|---|---|---|
cna@sap.com | https://me.sap.com/notes/3494349 | Permissions Required | |
cna@sap.com | https://url.sap/sapsecuritypatchday | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | SAP_SE | SAP NetWeaver Application Server ABAP and ABAP Platform |
Version: SAP_BASIS 700 Version: SAP_BASIS 701 Version: SAP_BASIS 702 Version: SAP_BASIS 731 Version: SAP_BASIS 740 Version: SAP_BASIS 750 Version: SAP_BASIS 751 Version: SAP_BASIS 752 Version: SAP_BASIS 753 Version: SAP_BASIS 754 Version: SAP_BASIS 755 Version: SAP_BASIS 756 Version: SAP_BASIS 757 Version: SAP_BASIS 758 Version: SAP_BASIS 912 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-41734", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-13T14:32:33.604375Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-13T14:38:41.935Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "SAP NetWeaver Application Server ABAP and ABAP Platform", "vendor": "SAP_SE", "versions": [ { "status": "affected", "version": "SAP_BASIS 700" }, { "status": "affected", "version": "SAP_BASIS 701" }, { "status": "affected", "version": "SAP_BASIS 702" }, { "status": "affected", "version": "SAP_BASIS 731" }, { "status": "affected", "version": "SAP_BASIS 740" }, { "status": "affected", "version": "SAP_BASIS 750" }, { "status": "affected", "version": "SAP_BASIS 751" }, { "status": "affected", "version": "SAP_BASIS 752" }, { "status": "affected", "version": "SAP_BASIS 753" }, { "status": "affected", "version": "SAP_BASIS 754" }, { "status": "affected", "version": "SAP_BASIS 755" }, { "status": "affected", "version": "SAP_BASIS 756" }, { "status": "affected", "version": "SAP_BASIS 757" }, { "status": "affected", "version": "SAP_BASIS 758" }, { "status": "affected", "version": "SAP_BASIS 912" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e" } ], "value": "Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-13T04:18:03.596Z", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "url": "https://me.sap.com/notes/3494349" }, { "url": "https://url.sap/sapsecuritypatchday" } ], "source": { "discovery": "UNKNOWN" }, "title": "Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2024-41734", "datePublished": "2024-08-13T04:18:03.596Z", "dateReserved": "2024-07-22T08:06:52.676Z", "dateUpdated": "2024-08-13T14:38:41.935Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-41734\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2024-08-13T05:15:13.587\",\"lastModified\":\"2024-09-12T13:28:03.450\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability.\"},{\"lang\":\"es\",\"value\":\"Debido a la falta de verificaci\u00f3n de autorizaci\u00f3n en SAP NetWeaver Application Server ABAP y ABAP Platform, un atacante autenticado podr\u00eda llamar a una transacci\u00f3n subyacente, lo que conduce a la divulgaci\u00f3n de informaci\u00f3n relacionada con el usuario. No hay ning\u00fan impacto en la integridad o la disponibilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@sap.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"cna@sap.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_700:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB7909F4-1D66-4C4F-95F3-34ACB0190DB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_701:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8310EBA-2438-427F-80C2-BE151E35D97D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_702:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"732E155D-C866-4F0E-BC86-037B94308B7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_731:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"035EDBAC-C29B-49DB-ACEE-CA64750E7290\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_740:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFD1A272-9FD0-426F-AF7D-5A8D7CF4A4BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_750:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05BE37AE-1CC3-4A84-BC9A-B353747B9151\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_751:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78B1673C-7EF7-4658-91EE-A5BFFDD068B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_752:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A69E6E2-46AD-4973-8F39-500D34D50570\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_753:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15141B2A-8186-454F-BC4D-6BF07420C899\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_754:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50137ED8-017E-4D0C-ADB4-8FD227301371\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_755:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"021DE052-25C3-49DF-B2AD-BF9D28B1CAD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_756:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFAA63CF-0FD5-4568-A88C-82AD97A14EFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_757:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17767460-94A3-443D-8D60-3607D3A894D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_758:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63B654DB-8E10-422A-94B5-42F9D4EAB10F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_912:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CC51692-5E94-4678-99B0-4EC1D633DDF8\"}]}]}],\"references\":[{\"url\":\"https://me.sap.com/notes/3494349\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://url.sap/sapsecuritypatchday\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.