CVE-2024-41728
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
10/09/2024
Last modified:
16/09/2024
Description
Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects.
Impact
Base Score 3.x
2.70
Severity 3.x
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:758:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:netweaver_application_server_abap:912:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page