We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-41729

Information Disclosure vulnerability in the SAP NetWeaver BW (BEx Analyzer)



Description

Due to missing authorization checks, SAP BEx Analyzer allows an authenticated attacker to access information over the network which is otherwise restricted. On successful exploitation the attacker can enumerate information causing a limited impact on confidentiality of the application.

Reserved 2024-07-22 | Published 2024-09-10 | Updated 2024-09-10 | Assigner sap


MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-359: Exposure of Private Personal Information to an Unauthorized Actor

CWE-862: Missing Authorization

Product status

Default status
unaffected

DW4CORE 200
affected

DW4CORE 300
affected

DW4CORE 400
affected

SAP_BW 700
affected

SAP_BW 701
affected

SAP_BW 702
affected

SAP_BW 731
affected

SAP_BW 740
affected

SAP_BW 750
affected

SAP_BW 751
affected

SAP_BW 752
affected

SAP_BW 753
affected

SAP_BW 754
affected

SAP_BW 755
affected

SAP_BW 756
affected

SAP_BW 757
affected

SAP_BW 758
affected

References

me.sap.com/notes/3481588

url.sap/sapsecuritypatchday

cve.org (CVE-2024-41729)

nvd.nist.gov (CVE-2024-41729)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-41729

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.