CVE-2024-41728

Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. This causes an impact on confidentiality, as this attacker would otherwise not have access to view these objects.

Published: Sep 10, 2024
Updated: May 4, 2025
CVE: CVE-2024-41728
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 2.7
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
sap / netweaver_application_server_abap	702	702.x
sap / netweaver_application_server_abap	750	750.x
sap / netweaver_application_server_abap	752	752.x
sap / netweaver_application_server_abap	753	753.x
sap / netweaver_application_server_abap	754	754.x
sap / netweaver_application_server_abap	755	755.x
sap / netweaver_application_server_abap	912	912.x
sap / netweaver_application_server_abap	758	758.x
sap / netweaver_application_server_abap	757	757.x
sap / netweaver_application_server_abap	756	756.x
sap / netweaver_application_server_abap	751	751.x
sap / netweaver_application_server_abap	740	740.x
sap / netweaver_application_server_abap	731	731.x
sap / netweaver_application_server_abap	701	701.x
sap / netweaver_application_server_abap	700	700.x

Vulnerability Database

289,697

CVE-2024-41728