SAP NetWeaver ABAP Server File Disclosure Vulnerability
CVE-2024-47593 Published on November 12, 2024
Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform
SAP NetWeaver Application Server ABAP allows an unauthenticated attacker with network access to read files from the server, which otherwise would be restricted.This attack is possible only if a Web Dispatcher or some sort of Proxy Server is in use and the file in question was previously opened or downloaded in an application based on SAP GUI for HTML Technology. This will not compromise the application's integrity or availability.
Vulnerability Analysis
CVE-2024-47593 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
Products Associated with CVE-2024-47593
Want to know whenever a new CVE is published for SAP Netweaver Application Server Abap? stack.watch will email you.
Affected Versions
SAP_SE SAP NetWeaver Application Server ABAP:- Version KRNL64UC 7.53 is affected.
- Version KERNEL 7.53 is affected.
- Version 7.54 is affected.
- Version 7.77 is affected.
- Version 7.89 is affected.
- Version 7.93 is affected.
- Version 9.12 is affected.
- Version KRNL64UC_7.53 is affected.
- Version KERNEL_7.53 is affected.
- Version 7.54 is affected.
- Version 7.77 is affected.
- Version 7.89 is affected.
- Version 7.93 is affected.
- Version 9.12 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.