cvelistv5 - cve-2024-41734

cve-2024-41734

Vulnerability from cvelistv5

Published
2024-08-13 04:18
Modified
2024-08-13 14:38
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform
References
▼	URL	Tags
	cna@sap.com	https://me.sap.com/notes/3494349	Permissions Required
	cna@sap.com	https://url.sap/sapsecuritypatchday	Vendor Advisory
Impacted products
▼	Vendor	Product
	SAP_SE	SAP NetWeaver Application Server ABAP and ABAP Platform
Show details on NVD website
JSON
To clipboard
{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41734",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-13T14:32:33.604375Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-13T14:38:41.935Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SAP NetWeaver Application Server ABAP and ABAP Platform",
          "vendor": "SAP_SE",
          "versions": [
            {
              "status": "affected",
              "version": "SAP_BASIS 700"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 701"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 702"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 731"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 740"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 750"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 751"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 752"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 753"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 754"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 755"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 756"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 757"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 758"
            },
            {
              "status": "affected",
              "version": "SAP_BASIS 912"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
            }
          ],
          "value": "Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-13T04:18:03.596Z",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "url": "https://me.sap.com/notes/3494349"
        },
        {
          "url": "https://url.sap/sapsecuritypatchday"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2024-41734",
    "datePublished": "2024-08-13T04:18:03.596Z",
    "dateReserved": "2024-07-22T08:06:52.676Z",
    "dateUpdated": "2024-08-13T14:38:41.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-41734\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2024-08-13T05:15:13.587\",\"lastModified\":\"2024-09-12T13:28:03.450\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability.\"},{\"lang\":\"es\",\"value\":\"Debido a la falta de verificaci\u00f3n de autorizaci\u00f3n en SAP NetWeaver Application Server ABAP y ABAP Platform, un atacante autenticado podr\u00eda llamar a una transacci\u00f3n subyacente, lo que conduce a la divulgaci\u00f3n de informaci\u00f3n relacionada con el usuario. No hay ning\u00fan impacto en la integridad o la disponibilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4},{\"source\":\"cna@sap.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"cna@sap.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_700:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB7909F4-1D66-4C4F-95F3-34ACB0190DB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_701:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8310EBA-2438-427F-80C2-BE151E35D97D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_702:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"732E155D-C866-4F0E-BC86-037B94308B7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_731:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"035EDBAC-C29B-49DB-ACEE-CA64750E7290\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_740:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFD1A272-9FD0-426F-AF7D-5A8D7CF4A4BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_750:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05BE37AE-1CC3-4A84-BC9A-B353747B9151\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_751:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78B1673C-7EF7-4658-91EE-A5BFFDD068B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_752:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A69E6E2-46AD-4973-8F39-500D34D50570\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_753:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15141B2A-8186-454F-BC4D-6BF07420C899\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_754:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50137ED8-017E-4D0C-ADB4-8FD227301371\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_755:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"021DE052-25C3-49DF-B2AD-BF9D28B1CAD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_756:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFAA63CF-0FD5-4568-A88C-82AD97A14EFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_757:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17767460-94A3-443D-8D60-3607D3A894D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_758:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63B654DB-8E10-422A-94B5-42F9D4EAB10F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:sap_basis_912:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CC51692-5E94-4678-99B0-4EC1D633DDF8\"}]}]}],\"references\":[{\"url\":\"https://me.sap.com/notes/3494349\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://url.sap/sapsecuritypatchday\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}
Action not permitted

cve-2024-41734

Vulnerability from cvelistv5

ghsa-45m2-f9mw-223r

Vulnerability from github

Tags
