What is the severity of CVE-2024-41728?

CVE-2024-41728 has been assessed as having a high severity due to its impact on confidentiality.

How do I fix CVE-2024-41728?

To mitigate CVE-2024-41728, it is recommended to apply the latest patches provided by SAP for affected versions of NetWeaver Application Server for ABAP.

What systems are affected by CVE-2024-41728?

CVE-2024-41728 affects multiple versions of SAP NetWeaver Application Server for ABAP, specifically versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, and 912.

What kind of attack does CVE-2024-41728 enable?

CVE-2024-41728 enables an attacker logged in as a developer to read unauthorized objects contained within a package.

Is there a workaround for CVE-2024-41728?

Currently, no official workaround is provided for CVE-2024-41728, so applying security patches is the recommended course of action.

Vulnerability/
CVE-2024-41728

low

2.7

CWE

862

10/9/2024

16/9/2024

CVE-2024-41728: Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform

First published: Tue Sep 10 2024(Updated: )

Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects.

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
SAP NetWeaver AS ABAP	=700
SAP NetWeaver AS ABAP	=701
SAP NetWeaver AS ABAP	=702
SAP NetWeaver AS ABAP	=731
SAP NetWeaver AS ABAP	=740
SAP NetWeaver AS ABAP	=750
SAP NetWeaver AS ABAP	=751
SAP NetWeaver AS ABAP	=752
SAP NetWeaver AS ABAP	=753
SAP NetWeaver AS ABAP	=754
SAP NetWeaver AS ABAP	=755
SAP NetWeaver AS ABAP	=756
SAP NetWeaver AS ABAP	=757
SAP NetWeaver AS ABAP	=758
SAP NetWeaver AS ABAP	=912

Remedy

https://url.sap/sapsecuritypatchday

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-41728?
CVE-2024-41728 has been assessed as having a high severity due to its impact on confidentiality.
How do I fix CVE-2024-41728?
To mitigate CVE-2024-41728, it is recommended to apply the latest patches provided by SAP for affected versions of NetWeaver Application Server for ABAP.
What systems are affected by CVE-2024-41728?
CVE-2024-41728 affects multiple versions of SAP NetWeaver Application Server for ABAP, specifically versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, and 912.
What kind of attack does CVE-2024-41728 enable?
CVE-2024-41728 enables an attacker logged in as a developer to read unauthorized objects contained within a package.
Is there a workaround for CVE-2024-41728?
Currently, no official workaround is provided for CVE-2024-41728, so applying security patches is the recommended course of action.

agent/title
agent/references
agent/description
agent/type
agent/first-publish-date
agent/weakness
agent/severity
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/remedy
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/sap
canonical/sap netweaver as abap
version/sap netweaver as abap/700
version/sap netweaver as abap/701
version/sap netweaver as abap/702
version/sap netweaver as abap/731
version/sap netweaver as abap/740
version/sap netweaver as abap/750
version/sap netweaver as abap/751
version/sap netweaver as abap/752
version/sap netweaver as abap/753
version/sap netweaver as abap/754
version/sap netweaver as abap/755
version/sap netweaver as abap/756
version/sap netweaver as abap/757
version/sap netweaver as abap/758
version/sap netweaver as abap/912