Lucene search
SapCVE-2024-33005HistoryAug 13, 2024 - 4:15 a.m.
CVE-2024-33005
2024-08-1304:15:07
CWE-862
sap
web.nvd.nist.gov
29
authorization checks
admin users
impersonation
confidentiality
integrity
availability
CVSS3
6.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
AI Score
6.3
Confidence
High
EPSS
0
Percentile
9.5%
Due to the missing authorization checks in the
local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application
Server (ABAP and Java), and SAP Content Server can impersonate other users and
may perform some unintended actions. This could lead to a low impact on
confidentiality and a high impact on the integrity and availability of the
applications.
Affected configurations
Node
sapnetweaver_abapMatchkernel_7.22
ORsapnetweaver_abapMatchkernel_7.53
ORsapnetweaver_abapMatchkernel_7.54
ORsapnetweaver_abapMatchkernel_7.77
ORsapnetweaver_abapMatchkernel_7.85
ORsapnetweaver_abapMatchkernel_7.89
ORsapnetweaver_abapMatchkernel_7.93
ORsapnetweaver_abapMatchkrnl64nuc_7.22
ORsapnetweaver_abapMatchkrnl64nuc_7.22ext
ORsapnetweaver_abapMatchkrnl64uc_7.22
ORsapnetweaver_abapMatchkrnl64uc_7.22ext
ORsapnetweaver_abapMatchkrnl64uc_7.53
Node
sapnetweaver_javaMatchkernel_7.22
ORsapnetweaver_javaMatchkernel_7.53
ORsapnetweaver_javaMatchkernel_7.54
ORsapnetweaver_javaMatchkernel_7.77
ORsapnetweaver_javaMatchkernel_7.85
ORsapnetweaver_javaMatchkernel_7.89
ORsapnetweaver_javaMatchkernel_7.93
ORsapnetweaver_javaMatchkrnl64nuc_7.22
ORsapnetweaver_javaMatchkrnl64nuc_7.22ext
ORsapnetweaver_javaMatchkrnl64uc_7.22
ORsapnetweaver_javaMatchkrnl64uc_7.22ext
ORsapnetweaver_javaMatchkrnl64uc_7.53
Node
sapcontent_serverMatchkernel_7.22
ORsapcontent_serverMatchkernel_7.53
ORsapcontent_serverMatchkernel_7.54
ORsapcontent_serverMatchkernel_7.77
ORsapcontent_serverMatchkernel_7.85
ORsapcontent_serverMatchkernel_7.89
ORsapcontent_serverMatchkernel_7.93
ORsapcontent_serverMatchkrnl64nuc_7.22
ORsapcontent_serverMatchkrnl64nuc_7.22ext
ORsapcontent_serverMatchkrnl64uc_7.22
ORsapcontent_serverMatchkrnl64uc_7.22ext
ORsapcontent_serverMatchkrnl64uc_7.53
Node
sapweb_dispatcherMatchkernel_7.22
ORsapweb_dispatcherMatchkernel_7.53
ORsapweb_dispatcherMatchkernel_7.54
ORsapweb_dispatcherMatchkernel_7.77
ORsapweb_dispatcherMatchkernel_7.85
ORsapweb_dispatcherMatchkernel_7.89
ORsapweb_dispatcherMatchkernel_7.93
ORsapweb_dispatcherMatchkrnl64nuc_7.22
ORsapweb_dispatcherMatchkrnl64nuc_7.22ext
ORsapweb_dispatcherMatchkrnl64uc_7.22
ORsapweb_dispatcherMatchkrnl64uc_7.22ext
ORsapweb_dispatcherMatchkrnl64uc_7.53
ORsapweb_dispatcherMatchwebdisp_7.22_ext
ORsapweb_dispatcherMatchwebdisp_7.53
ORsapweb_dispatcherMatchwebdisp_7.54
ORsapweb_dispatcherMatchwebdisp_7.77
ORsapweb_dispatcherMatchwebdisp_7.85
ORsapweb_dispatcherMatchwebdisp_7.89
ORsapweb_dispatcherMatchwebdisp_7.93
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sap | netweaver_abap | kernel_7.22 | cpe:2.3:a:sap:netweaver_abap:kernel_7.22:*:*:*:*:*:*:* |
| sap | netweaver_abap | kernel_7.53 | cpe:2.3:a:sap:netweaver_abap:kernel_7.53:*:*:*:*:*:*:* |
| sap | netweaver_abap | kernel_7.54 | cpe:2.3:a:sap:netweaver_abap:kernel_7.54:*:*:*:*:*:*:* |
| sap | netweaver_abap | kernel_7.77 | cpe:2.3:a:sap:netweaver_abap:kernel_7.77:*:*:*:*:*:*:* |
| sap | netweaver_abap | kernel_7.85 | cpe:2.3:a:sap:netweaver_abap:kernel_7.85:*:*:*:*:*:*:* |
| sap | netweaver_abap | kernel_7.89 | cpe:2.3:a:sap:netweaver_abap:kernel_7.89:*:*:*:*:*:*:* |
| sap | netweaver_abap | kernel_7.93 | cpe:2.3:a:sap:netweaver_abap:kernel_7.93:*:*:*:*:*:*:* |
| sap | netweaver_abap | krnl64nuc_7.22 | cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22:*:*:*:*:*:*:* |
| sap | netweaver_abap | krnl64nuc_7.22ext | cpe:2.3:a:sap:netweaver_abap:krnl64nuc_7.22ext:*:*:*:*:*:*:* |
| sap | netweaver_abap | krnl64uc_7.22 | cpe:2.3:a:sap:netweaver_abap:krnl64uc_7.22:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "SAP NetWeaver Application Server (ABAP and Java),SAP Web Dispatcher and SAP Content Server",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "KRNL64NUC 7.22"
},
{
"status": "affected",
"version": "KRNL64NUC 7.22EXT"
},
{
"status": "affected",
"version": "KRNL64UC 7.22"
},
{
"status": "affected",
"version": "KRNL64UC 7.22EXT"
},
{
"status": "affected",
"version": "KRNL64UC 7.53"
},
{
"status": "affected",
"version": "WEBDISP 7.53"
},
{
"status": "affected",
"version": "WEBDISP 7.77"
},
{
"status": "affected",
"version": "WEBDISP 7.85"
},
{
"status": "affected",
"version": "WEBDISP 7.22_EXT"
},
{
"status": "affected",
"version": "WEBDISP 7.89"
},
{
"status": "affected",
"version": "WEBDISP 7.54"
},
{
"status": "affected",
"version": "WEBDISP 7.93"
},
{
"status": "affected",
"version": "KERNEL 7.22"
},
{
"status": "affected",
"version": "KERNEL 7.53"
},
{
"status": "affected",
"version": "KERNEL 7.77"
},
{
"status": "affected",
"version": "KERNEL 7.85"
},
{
"status": "affected",
"version": "KERNEL 7.89"
},
{
"status": "affected",
"version": "KERNEL 7.54"
},
{
"status": "affected",
"version": "KERNEL 7.93"
}
]
}
]Related
nessus
nessus
SAP NetWeaver AS Java Missing Authorization (3438085)
2024-08-15 00:00:00
vulnrichment
vulnrichment
nvd
nvd
CVE-2024-33005
2024-08-13 04:15:07
CVSS3
6.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
AI Score
6.3
Confidence
High
EPSS
0
Percentile
9.5%
Related for CVE-2024-33005