CVE-2024-33005

Summary

Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. This could lead to a low impact on confidentiality and a high impact on the integrity and availability of the applications.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content ServerKRNL64NUC 7.22affected
SAP_SESAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content ServerKRNL64NUC 7.22EXTaffected
SAP_SESAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content ServerKRNL64UC 7.22affected
SAP_SESAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content ServerKRNL64UC 7.22EXTaffected
SAP_SESAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content ServerKRNL64UC 7.53affected
SAP_SESAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content ServerWEBDISP 7.53affected
SAP_SESAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content ServerWEBDISP 7.77affected
SAP_SESAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content ServerWEBDISP 7.85affected
SAP_SESAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content ServerWEBDISP 7.22_EXTaffected
SAP_SESAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content ServerWEBDISP 7.89affected
SAP_SESAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content ServerWEBDISP 7.54affected
SAP_SESAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content ServerWEBDISP 7.93affected
SAP_SESAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content ServerKERNEL 7.22affected
SAP_SESAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content ServerKERNEL 7.53affected
SAP_SESAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content ServerKERNEL 7.77affected
SAP_SESAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content ServerKERNEL 7.85affected
SAP_SESAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content ServerKERNEL 7.89affected
SAP_SESAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content ServerKERNEL 7.54affected
SAP_SESAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content ServerKERNEL 7.93affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References