CVE-2024-42371
MEDIUM
SAP NetWeaver Application Server for ABAP and ABAP Platform - Missing Authorization in RFC Function Module
The RFC-enabled function module allows a low-privileged user to delete the workplace favourites of any user. This vulnerability could be utilized to identify usernames and access information about a targeted user's workplaces and nodes. There is low impact on integrity and availability of the application.
References (2)
Core References
Vendor Advisory
https://me.sap.com/notes/3488039
Vendor Advisory
https://url.sap/sapsecuritypatchday
Scores
CVSS v3
5.4
EPSS
0.0006
EPSS Percentile
19.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (15)
SAP_SE/SAP NetWeaver Application Server for ABAP and ABAP Platform
700
SAP_SE/SAP NetWeaver Application Server for ABAP and ABAP Platform
701
SAP_SE/SAP NetWeaver Application Server for ABAP and ABAP Platform
702
SAP_SE/SAP NetWeaver Application Server for ABAP and ABAP Platform
731
SAP_SE/SAP NetWeaver Application Server for ABAP and ABAP Platform
740
SAP_SE/SAP NetWeaver Application Server for ABAP and ABAP Platform
750
SAP_SE/SAP NetWeaver Application Server for ABAP and ABAP Platform
751
SAP_SE/SAP NetWeaver Application Server for ABAP and ABAP Platform
752
SAP_SE/SAP NetWeaver Application Server for ABAP and ABAP Platform
753
SAP_SE/SAP NetWeaver Application Server for ABAP and ABAP Platform
754
... and 5 more
Published
Sep 10, 2024
Tracked Since
Feb 18, 2026