CVSS: 2.0EPSS: 0%CPEs: 13EXPL: 0CVE-2024-44114 – Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2024-44114
SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. This results in a minimal impact on confidentiality of the application. • https://me.sap.com/notes/3507252 https://url.sap/sapsecuritypatchday • CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0CVE-2024-42380 – Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2024-42380
The RFC enabled function module allows a low privileged user to read any user's workplace favourites and user menu along with all the specific data of each node. Usernames can be enumerated by exploiting vulnerability. There is low impact on confidentiality of the application. • https://me.sap.com/notes/3488039 https://url.sap/sapsecuritypatchday • CWE-862: Missing Authorization •
CVSS: 5.4EPSS: 0%CPEs: 15EXPL: 0CVE-2024-42371 – Multiple vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2024-42371
The RFC enabled function module allows a low privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces and nodes. There is low impact on integrity and availability of the application. • https://me.sap.com/notes/3488039 https://url.sap/sapsecuritypatchday • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33001 – Denial of service (DOS) in SAP NetWeaver and ABAP platform
https://notcve.org/view.php?id=CVE-2024-33001
SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate users causing high impact on availability of the application. La plataforma SAP NetWeaver y ABAP permite a un atacante impedir el rendimiento de usuarios legítimos bloqueando o inundando el servicio. Un impacto de esta vulnerabilidad de denegación de servicio podría ser largas demoras en la respuesta e interrupciones del servicio, degradando así la calidad del servicio experimentada por los usuarios legítimos y causando un alto impacto en la disponibilidad de la aplicación. • https://me.sap.com/notes/3453170 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-30218 – Denial of service (DOS) vulnerability in SAP NetWeaver AS ABAP and ABAP Platform
https://notcve.org/view.php?id=CVE-2024-30218
The ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service. This leads to a considerable impact on availability. El servidor de aplicaciones ABAP de SAP NetWeaver, así como la plataforma ABAP, permiten a un atacante impedir que usuarios legítimos accedan a un servicio, ya sea bloqueando o inundando el servicio. Esto tiene un impacto considerable en la disponibilidad. • https://me.sap.com/notes/3359778 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364 • CWE-400: Uncontrolled Resource Consumption •