CVE-2024-37180

Under certain conditions SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access remote-enabled function module with no further authorization which would otherwise be restricted, the function can be used to read non-sensitive information with low impact on confidentiality of the application.

CVSS v3 4.1 MEDIUM

4.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://me.sap.com/notes/3454858	Permissions Required
https://url.sap/sapsecuritypatchday	Patch
https://me.sap.com/notes/3454858	Permissions Required
https://url.sap/sapsecuritypatchday	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:sap_basis:700:::::::*
	cpe:2.3:a:sap:sap_basis:701:::::::*
	cpe:2.3:a:sap:sap_basis:702:::::::*
	cpe:2.3:a:sap:sap_basis:731:::::::*
	cpe:2.3:a:sap:sap_basis:740:::::::*
	cpe:2.3:a:sap:sap_basis:750:::::::*
	cpe:2.3:a:sap:sap_basis:751:::::::*
	cpe:2.3:a:sap:sap_basis:752:::::::*
	cpe:2.3:a:sap:sap_basis:753:::::::*
	cpe:2.3:a:sap:sap_basis:754:::::::*
	cpe:2.3:a:sap:sap_basis:755:::::::*
	cpe:2.3:a:sap:sap_basis:756:::::::*
	cpe:2.3:a:sap:sap_basis:757:::::::*
	cpe:2.3:a:sap:sap_basis:758:::::::*

History

No history.

Information

Published : 2024-07-09 05:15

Updated : 2025-10-29 14:44

NVD link : CVE-2024-37180

Mitre link : CVE-2024-37180

CVE.ORG link : CVE-2024-37180

JSON object : View

Products Affected

sap

sap_basis

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo

{"id": "CVE-2024-37180", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-07-09T05:15:12.033", "references": [{"url": "https://me.sap.com/notes/3454858", "tags": ["Permissions Required"], "source": "[email protected]"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://me.sap.com/notes/3454858", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Under certain conditions SAP NetWeaver\nApplication Server for ABAP and ABAP Platform allows an attacker to access\nremote-enabled function module with no further authorization which would\notherwise be restricted, the function can be used to read non-sensitive\ninformation with low impact on confidentiality of the application."}, {"lang": "es", "value": "Bajo ciertas condiciones, SAP NetWeaver Application Server para ABAP y ABAP Platform permite a un atacante acceder al m\u00f3dulo de funci\u00f3n habilitado de forma remota sin autorizaci\u00f3n adicional que de otro modo estar\u00eda restringida; la funci\u00f3n se puede usar para leer informaci\u00f3n no confidencial con bajo impacto en la confidencialidad de la solicitud."}], "lastModified": "2025-10-29T14:44:33.727", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:sap_basis:700:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85616273-040E-49CB-8EB6-D2D4D7B603E5"}, {"criteria": "cpe:2.3:a:sap:sap_basis:701:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5F2C3A9-DCC0-4FF1-8E68-9EA150E209F6"}, {"criteria": "cpe:2.3:a:sap:sap_basis:702:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F774A45-2A9F-4873-A5DC-766D030C8CCD"}, {"criteria": "cpe:2.3:a:sap:sap_basis:731:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3A0A2D6-9259-4A35-A236-F4BEE986C1FD"}, {"criteria": "cpe:2.3:a:sap:sap_basis:740:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49C3A8E5-FA6A-4EF3-BF50-FD4E1576024F"}, {"criteria": "cpe:2.3:a:sap:sap_basis:750:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABA8AB4E-3FE6-46A8-847E-660C5DF6CE71"}, {"criteria": "cpe:2.3:a:sap:sap_basis:751:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DA4A6F0-C0F1-42CB-8BBD-7198064733EA"}, {"criteria": "cpe:2.3:a:sap:sap_basis:752:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C121CC9-26F6-4103-8EB0-BAFF6B5B5FE8"}, {"criteria": "cpe:2.3:a:sap:sap_basis:753:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86086D00-10BF-4C55-8D87-82CCBE468153"}, {"criteria": "cpe:2.3:a:sap:sap_basis:754:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F25246A-D9E5-4F0D-B91A-478D4E5570DB"}, {"criteria": "cpe:2.3:a:sap:sap_basis:755:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0218695F-C4AD-46BF-B176-F10C644A9C2D"}, {"criteria": "cpe:2.3:a:sap:sap_basis:756:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC9E7C3E-1005-450A-9198-E014C1BAADBC"}, {"criteria": "cpe:2.3:a:sap:sap_basis:757:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A177AB1-CC85-46EF-91DF-462096608C9F"}, {"criteria": "cpe:2.3:a:sap:sap_basis:758:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7591F81-708C-4285-9BB2-F2B4BDB9759B"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}