Attackers Can Read Confidential Objects Without Authorization
CVE-2024-41728
2.7LOW
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 10 September 2024
What is CVE-2024-41728?
Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects.
Affected Version(s)
SAP NetWeaver Application Server for ABAP and ABAP Platform 700
SAP NetWeaver Application Server for ABAP and ABAP Platform 701
SAP NetWeaver Application Server for ABAP and ABAP Platform 702