CVE-2024-24740

Summary

SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver Application Server ABAP (SAP Kernel)KERNEL 7.53affected
SAP_SESAP NetWeaver Application Server ABAP (SAP Kernel)KERNEL 7.54affected
SAP_SESAP NetWeaver Application Server ABAP (SAP Kernel)KERNEL 7.77affected
SAP_SESAP NetWeaver Application Server ABAP (SAP Kernel)KERNEL 7.85affected
SAP_SESAP NetWeaver Application Server ABAP (SAP Kernel)KERNEL 7.89affected
SAP_SESAP NetWeaver Application Server ABAP (SAP Kernel)KERNEL 7.93affected
SAP_SESAP NetWeaver Application Server ABAP (SAP Kernel)KERNEL 7.94affected
SAP_SESAP NetWeaver Application Server ABAP (SAP Kernel)KRNL64UC 7.53affected

Weaknesses

  • CWE-732: CWE-732: Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References