CVE-2024-41729
MEDIUMSAP NetWeaver BW (BEx Analyzer) - Authenticated Information Disclosure via Missing Authorization Checks
Title source: llmDescription
Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.
References (2)
Core 2
Core References
Vendor Advisory
https://me.sap.com/notes/3481588
Vendor Advisory
https://url.sap/sapsecuritypatchday
Scores
CVSS v3
4.3
EPSS
0.0026
EPSS Percentile
16.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-359
CWE-862
Status
published
Products (17)
SAP_SE/SAP NetWeaver BW (BEx Analyzer)
DW4CORE 200
SAP_SE/SAP NetWeaver BW (BEx Analyzer)
DW4CORE 300
SAP_SE/SAP NetWeaver BW (BEx Analyzer)
DW4CORE 400
SAP_SE/SAP NetWeaver BW (BEx Analyzer)
SAP_BW 700
SAP_SE/SAP NetWeaver BW (BEx Analyzer)
SAP_BW 701
SAP_SE/SAP NetWeaver BW (BEx Analyzer)
SAP_BW 702
SAP_SE/SAP NetWeaver BW (BEx Analyzer)
SAP_BW 731
SAP_SE/SAP NetWeaver BW (BEx Analyzer)
SAP_BW 740
SAP_SE/SAP NetWeaver BW (BEx Analyzer)
SAP_BW 750
SAP_SE/SAP NetWeaver BW (BEx Analyzer)
SAP_BW 751
... and 7 more
Published
Sep 10, 2024
Tracked Since
Feb 18, 2026