CVE-2024-33005

Medium · CVSS 3.1: 6.3 · EPSS 11.0%
Published Aug 13, 2024 · Last Modified Jun 17, 2026

Description

Due to the missing authorization checks in the local systems, the admin users of SAP Web Dispatcher, SAP NetWeaver Application Server (ABAP and Java), and SAP Content Server can impersonate other users and may perform some unintended actions. This could lead to a low impact on confidentiality and a high impact on the integrity and availability of the applications.

CVSS Details

Base Score: 6.3
Exploitability: 0.8
Impact: 5.5
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability
11.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-862: Missing Authorization

Affected Products 55

Vendor  Product         Version            Range
sap     netweaver_abap  kernel_7.22        any
sap     netweaver_abap  kernel_7.53        any
sap     netweaver_abap  kernel_7.54        any
sap     netweaver_abap  kernel_7.77        any
sap     netweaver_abap  kernel_7.85        any
sap     netweaver_abap  kernel_7.89        any
sap     netweaver_abap  kernel_7.93        any
sap     netweaver_abap  krnl64nuc_7.22     any
sap     netweaver_abap  krnl64nuc_7.22ext  any
sap     netweaver_abap  krnl64uc_7.22      any
sap     netweaver_abap  krnl64uc_7.22ext   any
sap     netweaver_abap  krnl64uc_7.53      any
sap     netweaver_java  kernel_7.22        any
sap     netweaver_java  kernel_7.53        any
sap     netweaver_java  kernel_7.54        any
sap     netweaver_java  kernel_7.77        any
sap     netweaver_java  kernel_7.85        any
sap     netweaver_java  kernel_7.89        any
sap     netweaver_java  kernel_7.93        any
sap     netweaver_java  krnl64nuc_7.22     any
sap     netweaver_java  krnl64nuc_7.22ext  any
sap     netweaver_java  krnl64uc_7.22      any
sap     netweaver_java  krnl64uc_7.22ext   any
sap     netweaver_java  krnl64uc_7.53      any
sap     content_server  kernel_7.22        any
sap     content_server  kernel_7.53        any
sap     content_server  kernel_7.54        any
sap     content_server  kernel_7.77        any
sap     content_server  kernel_7.85        any
sap     content_server  kernel_7.89        any
sap     content_server  kernel_7.93        any
sap     content_server  krnl64nuc_7.22     any
sap     content_server  krnl64nuc_7.22ext  any
sap     content_server  krnl64uc_7.22      any
sap     content_server  krnl64uc_7.22ext   any
sap     content_server  krnl64uc_7.53      any
sap     web_dispatcher  kernel_7.22        any
sap     web_dispatcher  kernel_7.53        any
sap     web_dispatcher  kernel_7.54        any
sap     web_dispatcher  kernel_7.77        any
sap     web_dispatcher  kernel_7.85        any
sap     web_dispatcher  kernel_7.89        any
sap     web_dispatcher  kernel_7.93        any
sap     web_dispatcher  krnl64nuc_7.22     any
sap     web_dispatcher  krnl64nuc_7.22ext  any
sap     web_dispatcher  krnl64uc_7.22      any
sap     web_dispatcher  krnl64uc_7.22ext   any
sap     web_dispatcher  krnl64uc_7.53      any
sap     web_dispatcher  webdisp_7.22_ext   any
sap     web_dispatcher  webdisp_7.53       any
sap     web_dispatcher  webdisp_7.54       any
sap     web_dispatcher  webdisp_7.77       any
sap     web_dispatcher  webdisp_7.85       any
sap     web_dispatcher  webdisp_7.89       any
sap     web_dispatcher  webdisp_7.93       any

References 2

  • me.sap.com https://me.sap.com/notes/3438085
    Permissions Required
  • url.sap https://url.sap/sapsecuritypatchday
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.