CVE-2024-42380: Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
First published: Tue Sep 10 2024(Updated: )
The RFC enabled function module allows a low privileged user to read any user's workplace favourites and user menu along with all the specific data of each node. Usernames can be enumerated by exploiting vulnerability. There is low impact on confidentiality of the application.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver AS ABAP Kernel | ||
| SAP ABAP |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-42380?
CVE-2024-42380 has a low impact on confidentiality due to the ability of low privileged users to enumerate usernames.
How do I fix CVE-2024-42380?
Fixing CVE-2024-42380 involves applying relevant patches provided by SAP for the affected software.
What software is affected by CVE-2024-42380?
CVE-2024-42380 affects SAP NetWeaver Application Server for ABAP and SAP ABAP Platform.
Can CVE-2024-42380 lead to unauthorized data access?
Yes, CVE-2024-42380 can potentially allow low privileged users to read other users' workplace favourites and menus.
Is user enumeration possible with CVE-2024-42380?
Yes, CVE-2024-42380 allows an attacker to enumerate usernames through the exploitation of the vulnerability.
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap netweaver as abap kernel
- canonical/sap abap