#VU100243 Information disclosure in ABAP Platform and SAP NetWeaver AS ABAP - CVE-2024-47593
Published: November 12, 2024
Vulnerability identifier: #VU100243
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-47593
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
ABAP Platform
SAP NetWeaver AS ABAP
ABAP Platform
SAP NetWeaver AS ABAP
Software vendor:
SAP
SAP
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an unspecified error in the application when reading. A remote attacker can read certain files from the server.
Note, the vulnerability exploitation is possible only if a Web Dispatcher or some sort of Proxy Server is in use and the file in question was previously opened or downloaded in an application based on SAP GUI for HTML Technology.
Remediation
Install updates from vendor's website.