Information disclosure in ABAP Platform and SAP NetWeaver AS ABAP - CVE-2024-47593

 

Information disclosure in ABAP Platform and SAP NetWeaver AS ABAP - CVE-2024-47593

Published: November 12, 2024


Vulnerability identifier: #VU100243
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-47593
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: SAP
Affected software:
ABAP Platform
SAP NetWeaver AS ABAP

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an unspecified error in the application when reading. A remote attacker can read certain files from the server.

Note, the vulnerability exploitation is possible only if a Web Dispatcher or some sort of Proxy Server is in use and the file in question was previously opened or downloaded in an application based on SAP GUI for HTML Technology.


How to mitigate CVE-2024-47593

Install updates from vendor's website.

Sources