{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-24740","assignerOrgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","state":"PUBLISHED","assignerShortName":"sap","dateReserved":"2024-01-29T05:13:46.617Z","datePublished":"2024-02-13T02:35:21.224Z","dateUpdated":"2025-05-09T18:29:28.460Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"SAP NetWeaver Application Server ABAP (SAP Kernel)","vendor":"SAP_SE","versions":[{"status":"affected","version":"KERNEL 7.53"},{"status":"affected","version":"KERNEL 7.54"},{"status":"affected","version":"KERNEL 7.77"},{"status":"affected","version":"KERNEL 7.85"},{"status":"affected","version":"KERNEL 7.89"},{"status":"affected","version":"KERNEL 7.93"},{"status":"affected","version":"KERNEL 7.94"},{"status":"affected","version":"KRNL64UC 7.53"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of the application.</p>"}],"value":"SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of the application."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-732","description":"CWE-732: Incorrect Permission Assignment for Critical Resource","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","shortName":"sap","dateUpdated":"2024-09-28T22:22:42.214Z"},"references":[{"url":"https://me.sap.com/notes/3360827"},{"url":"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}],"source":{"discovery":"UNKNOWN"},"title":"Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (SAP Kernel)","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T23:28:11.763Z"},"title":"CVE Program Container","references":[{"url":"https://me.sap.com/notes/3360827","tags":["x_transferred"]},{"url":"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-02-16T15:16:03.717173Z","id":"CVE-2024-24740","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-09T18:29:28.460Z"}}]}}