CVE-2024-41732
Improper Access Control in SAP Netweaver Application Server ABAP
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.7EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
13 Aug 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
SAP NetWeaver Application Server ABAP allows
an unauthenticated attacker to craft a URL link that could bypass allowlist
controls. Depending on the web applications provided by this server, the
attacker might inject CSS code or links into the web application that could
allow the attacker to read or modify information. There is no impact on
availability of application.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
SAP_SE · SAP NetWeaver Application Server ABAPWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →