CVE-2024-41732

SAP NetWeaver Application Server ABAP allows an unauthenticated attacker to craft a URL link that could bypass allowlist controls. Depending on the web applications provided by this server, the attacker might inject CSS code or links into the web application that could allow the attacker to read or modify information. There is no impact on availability of application.

Published: Aug 13, 2024
Updated: May 4, 2025
CVE: CVE-2024-41732
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
sap / netweaver_application_server_abap	755	755.x
sap / netweaver_application_server_abap	756	756.x
sap / netweaver_application_server_abap	757	757.x
sap / netweaver_application_server_abap	sap_basis_700	sap_basis_700.x
sap / netweaver_application_server_abap	sap_basis_701	sap_basis_701.x
sap / netweaver_application_server_abap	sap_basis_702	sap_basis_702.x
sap / netweaver_application_server_abap	sap_ui_754	sap_ui_754.x
sap / netweaver_application_server_abap	758	758.x
sap / netweaver_application_server_abap	sap_basis_731	sap_basis_731.x
sap / netweaver_application_server_abap	sap_basis_912	sap_basis_912.x

Vulnerability Database

289,784

CVE-2024-41732