CVE-2024-41732
4.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read or modify information. There is no impact on availability of application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP NetWeaver Application Server ABAP | SAP_UI 754 | affected |
| SAP_SE | SAP NetWeaver Application Server ABAP | 755 | affected |
| SAP_SE | SAP NetWeaver Application Server ABAP | 756 | affected |
| SAP_SE | SAP NetWeaver Application Server ABAP | 757 | affected |
| SAP_SE | SAP NetWeaver Application Server ABAP | 758 | affected |
| SAP_SE | SAP NetWeaver Application Server ABAP | SAP_BASIS 700 | affected |
| SAP_SE | SAP NetWeaver Application Server ABAP | SAP_BASIS 701 | affected |
| SAP_SE | SAP NetWeaver Application Server ABAP | SAP_BASIS 702 | affected |
| SAP_SE | SAP NetWeaver Application Server ABAP | SAP_BASIS 731 | affected |
| SAP_SE | SAP NetWeaver Application Server ABAP | SAP_BASIS 912 | affected |
Weaknesses
- CWE-284: CWE-284: Improper Access Control
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.