nvd-json-data-feeds/CVE-2024/CVE-2024-417xx/CVE-2024-41734.json

{
  "id": "CVE-2024-41734",
  "sourceIdentifier": "cna@sap.com",
  "published": "2024-08-13T05:15:13.587",
  "lastModified": "2024-09-12T13:28:03.450",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability."
    },
    {
      "lang": "es",
      "value": "Debido a la falta de verificaci\u00f3n de autorizaci\u00f3n en SAP NetWeaver Application Server ABAP y ABAP Platform, un atacante autenticado podr\u00eda llamar a una transacci\u00f3n subyacente, lo que conduce a la divulgaci\u00f3n de informaci\u00f3n relacionada con el usuario. No hay ning\u00fan impacto en la integridad o la disponibilidad."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "cna@sap.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      },
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "cna@sap.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_700:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB7909F4-1D66-4C4F-95F3-34ACB0190DB8"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_701:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8310EBA-2438-427F-80C2-BE151E35D97D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_702:*:*:*:*:*:*:*",
              "matchCriteriaId": "732E155D-C866-4F0E-BC86-037B94308B7D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_731:*:*:*:*:*:*:*",
              "matchCriteriaId": "035EDBAC-C29B-49DB-ACEE-CA64750E7290"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_740:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFD1A272-9FD0-426F-AF7D-5A8D7CF4A4BE"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_750:*:*:*:*:*:*:*",
              "matchCriteriaId": "05BE37AE-1CC3-4A84-BC9A-B353747B9151"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_751:*:*:*:*:*:*:*",
              "matchCriteriaId": "78B1673C-7EF7-4658-91EE-A5BFFDD068B6"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_752:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A69E6E2-46AD-4973-8F39-500D34D50570"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_753:*:*:*:*:*:*:*",
              "matchCriteriaId": "15141B2A-8186-454F-BC4D-6BF07420C899"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_754:*:*:*:*:*:*:*",
              "matchCriteriaId": "50137ED8-017E-4D0C-ADB4-8FD227301371"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_755:*:*:*:*:*:*:*",
              "matchCriteriaId": "021DE052-25C3-49DF-B2AD-BF9D28B1CAD4"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_756:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFAA63CF-0FD5-4568-A88C-82AD97A14EFF"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_757:*:*:*:*:*:*:*",
              "matchCriteriaId": "17767460-94A3-443D-8D60-3607D3A894D6"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_758:*:*:*:*:*:*:*",
              "matchCriteriaId": "63B654DB-8E10-422A-94B5-42F9D4EAB10F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_912:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC51692-5E94-4678-99B0-4EC1D633DDF8"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://me.sap.com/notes/3494349",
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required"
      ]
    },
    {
      "url": "https://url.sap/sapsecuritypatchday",
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}