Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-41734

Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability.

Published

2024-08-13T05:15:13.587

Last Modified

2024-09-12T13:28:03.450

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Primary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	netweaver_application_server_abap	sap_basis_700	Yes
Application	sap	netweaver_application_server_abap	sap_basis_701	Yes
Application	sap	netweaver_application_server_abap	sap_basis_702	Yes
Application	sap	netweaver_application_server_abap	sap_basis_731	Yes
Application	sap	netweaver_application_server_abap	sap_basis_740	Yes
Application	sap	netweaver_application_server_abap	sap_basis_750	Yes
Application	sap	netweaver_application_server_abap	sap_basis_751	Yes
Application	sap	netweaver_application_server_abap	sap_basis_752	Yes
Application	sap	netweaver_application_server_abap	sap_basis_753	Yes
Application	sap	netweaver_application_server_abap	sap_basis_754	Yes
Application	sap	netweaver_application_server_abap	sap_basis_755	Yes
Application	sap	netweaver_application_server_abap	sap_basis_756	Yes
Application	sap	netweaver_application_server_abap	sap_basis_757	Yes
Application	sap	netweaver_application_server_abap	sap_basis_758	Yes
Application	sap	netweaver_application_server_abap	sap_basis_912	Yes

References

https://me.sap.com/notes/3494349 Permissions Required ([email protected])
https://url.sap/sapsecuritypatchday Vendor Advisory ([email protected])