CVE-2024-24740

SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of the application.

Published: Feb 13, 2024
Updated: May 4, 2025
CVE: CVE-2024-24740
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
sap / netweaver_application_server_abap	krnl64uc_7.53	krnl64uc_7.53.x
sap / netweaver_application_server_abap	kernel_7.53	kernel_7.53.x
sap / netweaver_application_server_abap	kernel_7.77	kernel_7.77.x
sap / netweaver_application_server_abap	kernel_7.85	kernel_7.85.x
sap / netweaver_application_server_abap	kernel_7.89	kernel_7.89.x
sap / netweaver_application_server_abap	kernel_7.54	kernel_7.54.x
sap / netweaver_application_server_abap	kernel_7.93	kernel_7.93.x
sap / netweaver_application_server_abap	kernel_7.94	kernel_7.94.x

Vulnerability Database

289,784

CVE-2024-24740