CVE-2024-44114: Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform
First published: Tue Sep 10 2024(Updated: )
SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Application Server for ABAP | =702 | |
| SAP NetWeaver Application Server for ABAP | =731 | |
| SAP NetWeaver Application Server for ABAP | =740 | |
| SAP NetWeaver Application Server for ABAP | =750 | |
| SAP NetWeaver Application Server for ABAP | =751 | |
| SAP NetWeaver Application Server for ABAP | =752 | |
| SAP NetWeaver Application Server for ABAP | =753 | |
| SAP NetWeaver Application Server for ABAP | =754 | |
| SAP NetWeaver Application Server for ABAP | =755 | |
| SAP NetWeaver Application Server for ABAP | =756 | |
| SAP NetWeaver Application Server for ABAP | =757 | |
| SAP NetWeaver Application Server for ABAP | =758 | |
| SAP NetWeaver Application Server for ABAP | =912 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-44114?
The severity of CVE-2024-44114 is minimal, affecting confidentiality.
How do I fix CVE-2024-44114?
Fixing CVE-2024-44114 involves applying the relevant SAP security patches or updates.
Which versions of SAP NetWeaver Application Server for ABAP are affected by CVE-2024-44114?
CVE-2024-44114 affects versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 758, and 912 of SAP NetWeaver Application Server for ABAP.
What are the potential impacts of CVE-2024-44114?
The potential impact of CVE-2024-44114 includes unauthorized data exposure over the network.
Can user privileges affect CVE-2024-44114?
Yes, users with high privileges may exploit CVE-2024-44114 to execute a program that reveals sensitive data.
- agent/references
- agent/title
- agent/first-publish-date
- agent/type
- agent/description
- agent/weakness
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/severity
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/sap
- canonical/sap netweaver application server for abap
- version/sap netweaver application server for abap/702
- version/sap netweaver application server for abap/731
- version/sap netweaver application server for abap/740
- version/sap netweaver application server for abap/750
- version/sap netweaver application server for abap/751
- version/sap netweaver application server for abap/752
- version/sap netweaver application server for abap/753
- version/sap netweaver application server for abap/754
- version/sap netweaver application server for abap/755
- version/sap netweaver application server for abap/756
- version/sap netweaver application server for abap/757
- version/sap netweaver application server for abap/758
- version/sap netweaver application server for abap/912