CVE-2024-24740 MEDIUM

CVE-2024-24740: Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (SAP Kernel)

Vendor Sap_Se
Product SAP NetWeaver Application Server ABAP (SAP Kernel)
Weakness CWE-732
Published February 13, 2024
Last update May 9, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of the application.

Key dates

02Disclosure timeline

February 13, 2024 CVE published
May 9, 2025 Record updated