CVE-2024-41732 MEDIUM

CVE-2024-41732: Improper Access Control in SAP NetWeaver Application Server ABAP

Vendor SAP SE
Product SAP NetWeaver Application Server ABAP
Weakness CWE-284
Published August 13, 2024
Last update August 13, 2024

CVSS base score

4.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read or modify information. There is no impact on the availability of the application.

Key dates

02 Disclosure timeline

August 13, 2024 CVE published
August 13, 2024 Record updated