CVE-2024-41734: Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform
First published: Tue Aug 13 2024(Updated: )
Due to missing authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform, an authenticated attacker could call an underlying transaction, which leads to disclosure of user related information. There is no impact on integrity or availability.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Application Server for ABAP | =sap_basis_700 | |
| SAP NetWeaver Application Server for ABAP | =sap_basis_701 | |
| SAP NetWeaver Application Server for ABAP | =sap_basis_702 | |
| SAP NetWeaver Application Server for ABAP | =sap_basis_731 | |
| SAP NetWeaver Application Server for ABAP | =sap_basis_740 | |
| SAP NetWeaver Application Server for ABAP | =sap_basis_750 | |
| SAP NetWeaver Application Server for ABAP | =sap_basis_751 | |
| SAP NetWeaver Application Server for ABAP | =sap_basis_752 | |
| SAP NetWeaver Application Server for ABAP | =sap_basis_753 | |
| SAP NetWeaver Application Server for ABAP | =sap_basis_754 | |
| SAP NetWeaver Application Server for ABAP | =sap_basis_755 | |
| SAP NetWeaver Application Server for ABAP | =sap_basis_756 | |
| SAP NetWeaver Application Server for ABAP | =sap_basis_757 | |
| SAP NetWeaver Application Server for ABAP | =sap_basis_758 | |
| SAP NetWeaver Application Server for ABAP | =sap_basis_912 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-41734?
CVE-2024-41734 is classified with a medium severity level due to its potential for an authenticated attacker to access user-related information.
How do I fix CVE-2024-41734?
To mitigate CVE-2024-41734, apply the latest security patches provided by SAP for the affected versions of the SAP NetWeaver Application Server ABAP.
What are the affected versions of SAP NetWeaver Application Server ABAP for CVE-2024-41734?
CVE-2024-41734 affects SAP NetWeaver Application Server ABAP versions from sap_basis_700 to sap_basis_912.
What type of information could be disclosed due to CVE-2024-41734?
CVE-2024-41734 can lead to the disclosure of user-related information, compromising user privacy.
Is there any impact on integrity or availability from CVE-2024-41734?
CVE-2024-41734 does not impact the integrity or availability of the system, it only affects confidentiality.
- agent/weakness
- agent/references
- agent/title
- agent/description
- agent/first-publish-date
- agent/type
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/sap
- canonical/sap netweaver application server for abap
- version/sap netweaver application server for abap/sap_basis_700
- version/sap netweaver application server for abap/sap_basis_701
- version/sap netweaver application server for abap/sap_basis_702
- version/sap netweaver application server for abap/sap_basis_731
- version/sap netweaver application server for abap/sap_basis_740
- version/sap netweaver application server for abap/sap_basis_750
- version/sap netweaver application server for abap/sap_basis_751
- version/sap netweaver application server for abap/sap_basis_752
- version/sap netweaver application server for abap/sap_basis_753
- version/sap netweaver application server for abap/sap_basis_754
- version/sap netweaver application server for abap/sap_basis_755
- version/sap netweaver application server for abap/sap_basis_756
- version/sap netweaver application server for abap/sap_basis_757
- version/sap netweaver application server for abap/sap_basis_758
- version/sap netweaver application server for abap/sap_basis_912