CVE-2024-47593
4.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
SAP NetWeaver Application Server ABAP allows an unauthenticated attacker with network access to read files from the server, which otherwise would be restricted.This attack is possible only if a Web Dispatcher or some sort of Proxy Server is in use and the file in question was previously opened or downloaded in an application based on SAP GUI for HTML Technology. This will not compromise the application's integrity or availability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP NetWeaver Application Server ABAP | KRNL64UC 7.53 | affected |
| SAP_SE | SAP NetWeaver Application Server ABAP | KERNEL 7.53 | affected |
| SAP_SE | SAP NetWeaver Application Server ABAP | 7.54 | affected |
| SAP_SE | SAP NetWeaver Application Server ABAP | 7.77 | affected |
| SAP_SE | SAP NetWeaver Application Server ABAP | 7.89 | affected |
| SAP_SE | SAP NetWeaver Application Server ABAP | 7.93 | affected |
| SAP_SE | SAP NetWeaver Application Server ABAP | 9.12 | affected |
Weaknesses
- WE-524: Use of Cache Containing Sensitive Information
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.