Unknown
CVE-2024-41732
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2024-41732
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
SAP NetWeaver Application Server ABAP allows
an unauthenticated attacker to craft a URL link that could bypass allowlist
controls. Depending on the web applications provided by this server, the
attacker might inject CSS code or links into the web application that could
allow the attacker to read or modify information. There is no impact on
availability of application.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
Products
- netweaver application server abap 755,
- netweaver application server abap 756,
- netweaver application server abap 757,
- netweaver application server abap 758,
- netweaver application server abap sap basis 700,
- netweaver application server abap sap basis 701,
- netweaver application server abap sap basis 702,
- netweaver application server abap sap basis 731,
- netweaver application server abap sap basis 912,
- netweaver application server abap sap ui 754
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
