CVE-2024-37180

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-37180
Under certain conditions SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access remote-enabled function module with no further authorization which would otherwise be restricted, the function can be used to read non-sensitive information with low impact on confidentiality of the application.

4.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://me.sap.com/notes/3454858 Permissions Required
https://url.sap/sapsecuritypatchday Patch
https://me.sap.com/notes/3454858 Permissions Required
https://url.sap/sapsecuritypatchday Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:sap_basis:700:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:701:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:702:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:731:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:740:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:750:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:751:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:752:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:753:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:754:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:755:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:756:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:757:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:758:*:*:*:*:*:*:*
History

29 Oct 2025, 14:44

Type Values Removed Values Added
CWE NVD-CWE-noinfo
References () https://me.sap.com/notes/3454858 - () https://me.sap.com/notes/3454858 - Permissions Required
References () https://url.sap/sapsecuritypatchday - () https://url.sap/sapsecuritypatchday - Patch
First Time Sap
Sap sap Basis
CPE cpe:2.3:a:sap:sap_basis:754:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:701:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:731:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:751:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:758:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:755:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:757:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:750:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:756:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:700:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:753:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:740:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:752:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:702:*:*:*:*:*:*:*

21 Nov 2024, 09:23

Type Values Removed Values Added
References () https://me.sap.com/notes/3454858 - () https://me.sap.com/notes/3454858 -
References () https://url.sap/sapsecuritypatchday - () https://url.sap/sapsecuritypatchday -

09 Jul 2024, 18:19

Type Values Removed Values Added
Summary
  • (es) Bajo ciertas condiciones, SAP NetWeaver Application Server para ABAP y ABAP Platform permite a un atacante acceder al módulo de función habilitado de forma remota sin autorización adicional que de otro modo estaría restringida; la función se puede usar para leer información no confidencial con bajo impacto en la confidencialidad de la solicitud.

09 Jul 2024, 05:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-07-09 05:15

Updated : 2025-10-29 14:44

NVD link : CVE-2024-37180

Mitre link : CVE-2024-37180

CVE.ORG link : CVE-2024-37180

JSON object : View

Products Affected

sap

  • sap_basis
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo