SAP NetWeaver ABAP Priv Escalation Leaks Data Over Net
CVE-2024-44114 Published on September 10, 2024
Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform
SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application.
Vulnerability Analysis
CVE-2024-44114 is exploitable with network access, requires user interaction and user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2024-44114 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2024-44114
Want to know whenever a new CVE is published for SAP Netweaver Application Server Abap? stack.watch will email you.
Affected Versions
SAP_SE SAP NetWeaver Application Server for ABAP and ABAP Platform:- Version 702 is affected.
- Version 731 is affected.
- Version 740 is affected.
- Version 750 is affected.
- Version 751 is affected.
- Version 752 is affected.
- Version 753 is affected.
- Version 754 is affected.
- Version 755 is affected.
- Version 756 is affected.
- Version 757 is affected.
- Version 758 is affected.
- Version 912 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.