CVE-2024-33005
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/08/2024
Last modified:
12/09/2024
Description
Due to the missing authorization checks in the<br />
local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application<br />
Server (ABAP and Java), and SAP Content Server can impersonate other users and<br />
may perform some unintended actions. This could lead to a low impact on<br />
confidentiality and a high impact on the integrity and availability of the<br />
applications.
Impact
Base Score 3.x
6.30
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sap:netweaver_abap:kernel_7.22:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:kernel_7.53:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:kernel_7.54:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:kernel_7.77:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:kernel_7.85:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:kernel_7.89:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:kernel_7.93:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22ext:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.53:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_java:kernel_7.22:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_java:kernel_7.53:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_java:kernel_7.54:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page