Vulnerability Details CVE-2024-41728
Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.0%
CVSS Severity
CVSS v3 Score 2.7
Products affected by CVE-2024-41728
-
cpe:2.3:a:sap:netweaver_application_server_abap:700
-
cpe:2.3:a:sap:netweaver_application_server_abap:701
-
cpe:2.3:a:sap:netweaver_application_server_abap:702
-
cpe:2.3:a:sap:netweaver_application_server_abap:731
-
cpe:2.3:a:sap:netweaver_application_server_abap:740
-
cpe:2.3:a:sap:netweaver_application_server_abap:750
-
cpe:2.3:a:sap:netweaver_application_server_abap:751
-
cpe:2.3:a:sap:netweaver_application_server_abap:752
-
cpe:2.3:a:sap:netweaver_application_server_abap:753
-
cpe:2.3:a:sap:netweaver_application_server_abap:754
-
cpe:2.3:a:sap:netweaver_application_server_abap:755
-
cpe:2.3:a:sap:netweaver_application_server_abap:756
-
cpe:2.3:a:sap:netweaver_application_server_abap:757
-
cpe:2.3:a:sap:netweaver_application_server_abap:758
-
cpe:2.3:a:sap:netweaver_application_server_abap:912