Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-41728

Опубликовано: 10 сент. 2024
Источник: nvd
CVSS3: 2.7
EPSS Низкий

Описание

Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:758:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:912:*:*:*:*:*:*:*

EPSS

Процентиль: 25%
0.00086
Низкий

2.7 Low

CVSS3

Дефекты

CWE-862

Связанные уязвимости

github логотип

GHSA-j583-4h4q-5jwm

CVSS3: 2.7
github
больше 1 года назад

Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects.

fstec логотип

BDU:2025-12959

CVSS3: 2.7
fstec
больше 1 года назад

Уязвимость программных интеграционных платформ SAP NetWeaver Application Server ABAP и ABAP Platform, связанная с недостатками процедуры авторизации, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации

EPSS

Процентиль: 25%
0.00086
Низкий

2.7 Low

CVSS3

Дефекты

CWE-862