CVE-2024-41732

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/08/2024
Last modified:
11/09/2024

Description

SAP NetWeaver Application Server ABAP allows<br /> an unauthenticated attacker to craft a URL link that could bypass allowlist<br /> controls. Depending on the web applications provided by this server, the<br /> attacker might inject CSS code or links into the web application that could<br /> allow the attacker to read or modify information. There is no impact on<br /> availability of application.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:758:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_700:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_701:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_702:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_731:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_912:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:sap_ui_754:*:*:*:*:*:*:*