CVE-2024-24740: Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (SAP Kernel)

5.3 CVSS

Description

SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of the application.

Classification

CVE ID: CVE-2024-24740

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem Types

CWE-732: Incorrect Permission Assignment for Critical Resource

Affected Products

Vendor: SAP_SE

Product: SAP NetWeaver Application Server ABAP (SAP Kernel)

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.14% (probability of being exploited)

EPSS Percentile: 34.99% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-06-07 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: true

References

https://nvd.nist.gov/vuln/detail/CVE-2024-24740
https://me.sap.com/notes/3360827
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Timeline