SAP NetWeaver ABAP Privilege Escalation Vulnerability
CVE-2024-47585 Published on December 10, 2024
Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks, resulting in privilege escalation. While authorizations for import and export are distinguished, a single authorization is applied for both, which may contribute to these risks. On successful exploitation, this can result in potential security concerns. However, it has no impact on the integrity and availability of the application and may have only a low impact on data confidentiality.
Vulnerability Analysis
CVE-2024-47585 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2024-47585 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2024-47585
Want to know whenever a new CVE is published for SAP NetWeaver? stack.watch will email you.
Affected Versions
SAP_SE SAP NetWeaver Application Server for ABAP and ABAP Platform:- Version SAP_BASIS 740 is affected.
- Version SAP_BASIS 750 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.