CVE-2024-24740

MEDIUM

SAP NetWeaver Application Server - Info Disclosure

Title source: llm

Description

SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of the application.

References (2)

Core 2

Core References

Permissions Required

https://me.sap.com/notes/3360827

Vendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Scores

CVSS v3 5.3

EPSS 0.0019

EPSS Percentile 40.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-732

Status published

Products (8)

sap/netweaver_application_server_abap kernel_7.53

sap/netweaver_application_server_abap kernel_7.54

sap/netweaver_application_server_abap kernel_7.77

sap/netweaver_application_server_abap kernel_7.85

sap/netweaver_application_server_abap kernel_7.89

sap/netweaver_application_server_abap kernel_7.93

sap/netweaver_application_server_abap kernel_7.94

sap/netweaver_application_server_abap krnl64uc_7.53

Published Feb 13, 2024

Tracked Since Feb 18, 2026