CVE-2024-44116: Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
First published: Tue Sep 10 2024(Updated: )
The RFC enabled function module allows a low privileged user to add any workbook to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces. There is low impact on integrity of the application.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Application Server | ||
| SAP ABAP |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-44116?
The severity of CVE-2024-44116 is low, as it primarily impacts user workspace information.
How do I fix CVE-2024-44116?
To fix CVE-2024-44116, apply the recommended patches or updates provided by SAP for the affected software.
What are the affected products of CVE-2024-44116?
CVE-2024-44116 affects the SAP NetWeaver Application Server for ABAP and SAP ABAP Platform.
What impact does CVE-2024-44116 have on user data?
CVE-2024-44116 can expose usernames and access information about targeted users' workplaces, but it has a low impact on application integrity.
Is CVE-2024-44116 related to user permissions?
Yes, CVE-2024-44116 allows low privileged users to manipulate other users' workplace favorites.
- agent/references
- agent/title
- agent/first-publish-date
- agent/type
- agent/description
- agent/severity
- agent/weakness
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap netweaver application server
- canonical/sap abap