CVE-2024-41732
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/08/2024
Last modified:
11/09/2024
Description
SAP NetWeaver Application Server ABAP allows<br />
an unauthenticated attacker to craft a URL link that could bypass allowlist<br />
controls. Depending on the web applications provided by this server, the<br />
attacker might inject CSS code or links into the web application that could<br />
allow the attacker to read or modify information. There is no impact on<br />
availability of application.
Impact
Base Score 3.x
5.40
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:netweaver_application_server_abap:758:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_700:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_701:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_702:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_731:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_912:*:*:*:*:*:*:* | ||
cpe:2.3:a:sap:netweaver_application_server_abap:sap_ui_754:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page