2024-08-13 06:03:13 +00:00
{
"id" : "CVE-2024-41734" ,
"sourceIdentifier" : "cna@sap.com" ,
"published" : "2024-08-13T05:15:13.587" ,
2024-09-12 14:03:30 +00:00
"lastModified" : "2024-09-12T13:28:03.450" ,
"vulnStatus" : "Analyzed" ,
2024-08-13 06:03:13 +00:00
"cveTags" : [ ] ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability."
2024-08-18 02:03:12 +00:00
} ,
{
"lang" : "es" ,
"value" : "Debido a la falta de verificaci\u00f3n de autorizaci\u00f3n en SAP NetWeaver Application Server ABAP y ABAP Platform, un atacante autenticado podr\u00eda llamar a una transacci\u00f3n subyacente, lo que conduce a la divulgaci\u00f3n de informaci\u00f3n relacionada con el usuario. No hay ning\u00fan impacto en la integridad o la disponibilidad."
2024-08-13 06:03:13 +00:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
2024-09-12 14:03:30 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "cna@sap.com" ,
"type" : "Secondary" ,
2024-09-12 14:03:30 +00:00
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 4.3 ,
"baseSeverity" : "MEDIUM" ,
2024-09-12 14:03:30 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "NONE" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2024-09-12 14:03:30 +00:00
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 1.4
} ,
2024-08-13 06:03:13 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2024-08-13 06:03:13 +00:00
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 4.3 ,
"baseSeverity" : "MEDIUM" ,
2024-08-13 06:03:13 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "NONE" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2024-08-13 06:03:13 +00:00
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 1.4
}
]
} ,
"weaknesses" : [
{
"source" : "cna@sap.com" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-862"
}
]
}
] ,
2024-09-12 14:03:30 +00:00
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_700:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AB7909F4-1D66-4C4F-95F3-34ACB0190DB8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_701:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F8310EBA-2438-427F-80C2-BE151E35D97D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_702:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "732E155D-C866-4F0E-BC86-037B94308B7D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_731:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "035EDBAC-C29B-49DB-ACEE-CA64750E7290"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_740:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CFD1A272-9FD0-426F-AF7D-5A8D7CF4A4BE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_750:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "05BE37AE-1CC3-4A84-BC9A-B353747B9151"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_751:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "78B1673C-7EF7-4658-91EE-A5BFFDD068B6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_752:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1A69E6E2-46AD-4973-8F39-500D34D50570"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_753:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "15141B2A-8186-454F-BC4D-6BF07420C899"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_754:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "50137ED8-017E-4D0C-ADB4-8FD227301371"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_755:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "021DE052-25C3-49DF-B2AD-BF9D28B1CAD4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_756:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FFAA63CF-0FD5-4568-A88C-82AD97A14EFF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_757:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "17767460-94A3-443D-8D60-3607D3A894D6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_758:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "63B654DB-8E10-422A-94B5-42F9D4EAB10F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_912:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1CC51692-5E94-4678-99B0-4EC1D633DDF8"
}
]
}
]
}
] ,
2024-08-13 06:03:13 +00:00
"references" : [
{
"url" : "https://me.sap.com/notes/3494349" ,
2024-09-12 14:03:30 +00:00
"source" : "cna@sap.com" ,
"tags" : [
"Permissions Required"
]
2024-08-13 06:03:13 +00:00
} ,
{
"url" : "https://url.sap/sapsecuritypatchday" ,
2024-09-12 14:03:30 +00:00
"source" : "cna@sap.com" ,
"tags" : [
"Vendor Advisory"
]
2024-08-13 06:03:13 +00:00
}
]
}
