← Volver a CVEs
CVE-2024-41734
MEDIUM4.3
Descripcion
Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability.
Detalles CVE
Puntuacion CVSS v3.14.3
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado8/13/2024
Ultima modificacion9/12/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
sap:netweaver_application_server_abap
Debilidades (CWE)
CWE-862
Referencias
https://me.sap.com/notes/3494349(cna@sap.com)
https://url.sap/sapsecuritypatchday(cna@sap.com)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.