CVE-2024-44117
MEDIUM
SAP NetWeaver Application Server for ABAP and ABAP Platform - Missing Authorization in RFC Function Module
Title source: llm
Description
The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and availability of the application.
References (2)
Core References
Vendor Advisory
https://me.sap.com/notes/3488039
Vendor Advisory
https://url.sap/sapsecuritypatchday
Scores
CVSS v3
5.4
EPSS
0.0007
EPSS Percentile
20.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (15)
SAP_SE/SAP NetWeaver Application Server for ABAP and ABAP Platform
Versions: 700, 701, 702, 731, 740, 750, 751, 752, 753, 754
... and 5 more
Published
Sep 10, 2024
Tracked Since
Feb 18, 2026