CVE-2024-45285
Severity: MEDIUM
SAP NetWeaver ABAP RFC Module - User Denial of Service
Title source: manual
Description
The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any functionality of SAP GUI. There is low impact on integrity and availability of the application.
References (2)
Core References
Vendor Advisory: https://me.sap.com/notes/3488039
Vendor Advisory: https://url.sap/sapsecuritypatchday
Scores
CVSS v3: 5.4
EPSS: 0.0006
EPSS Percentile: 17.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-862
Status: published
Products (15)
SAP_SE/SAP NetWeaver Application Server for ABAP and ABAP Platform: 700, 701, 702, 731, 740, 750, 751, 752, 753, 754
... and 5 more
Published: Sep 10, 2024
Tracked Since: Feb 18, 2026