CVE-2024-41728

Summary

Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform700affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform701affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform702affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform731affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform740affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform750affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform751affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform752affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform753affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform754affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform755affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform756affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform757affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform758affected
SAP_SESAP NetWeaver Application Server for ABAP and ABAP Platform912affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References