Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects.
                
            Metrics
Affected Vendors & Products
References
        History
                    Mon, 16 Sep 2024 14:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Sap Sap netweaver Application Server Abap | |
| CPEs | cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:758:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:912:*:*:*:*:*:*:* | |
| Vendors & Products | Sap Sap netweaver Application Server Abap | 
Tue, 10 Sep 2024 14:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Metrics | ssvc 
 | 
Tue, 10 Sep 2024 04:15:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects. | |
| Title | Missing Authorization check in SAP NetWeaver Application Server for ABAP and ABAP Platform | |
| Weaknesses | CWE-862 | |
| References |  | |
| Metrics | cvssV3_1 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: sap
Published: 2024-09-10T04:00:56.713Z
Updated: 2024-09-10T13:26:14.224Z
Reserved: 2024-07-22T08:06:52.675Z
Link: CVE-2024-41728
 Vulnrichment
                        Vulnrichment
                    Updated: 2024-09-10T13:25:48.905Z
 NVD
                        NVD
                    Status : Analyzed
Published: 2024-09-10T04:15:04.470
Modified: 2024-09-16T14:14:52.840
Link: CVE-2024-41728
 Redhat
                        Redhat
                    No data.