CVE-2024-37180

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-37180
Under certain conditions SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to access remote-enabled function module with no further authorization which would otherwise be restricted, the function can be used to read non-sensitive information with low impact on confidentiality of the application.

4.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://me.sap.com/notes/3454858 Permissions Required
https://url.sap/sapsecuritypatchday Patch
https://me.sap.com/notes/3454858 Permissions Required
https://url.sap/sapsecuritypatchday Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:sap_basis:700:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:701:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:702:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:731:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:740:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:750:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:751:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:752:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:753:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:754:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:755:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:756:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:757:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:758:*:*:*:*:*:*:*
History

29 Oct 2025, 14:44

Type Values Removed Values Added
References () https://me.sap.com/notes/3454858 - () https://me.sap.com/notes/3454858 - Permissions Required
References () https://url.sap/sapsecuritypatchday - () https://url.sap/sapsecuritypatchday - Patch
CPE cpe:2.3:a:sap:sap_basis:701:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:754:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:758:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:750:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:740:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:702:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:752:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:751:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:756:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:753:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:731:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:700:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:755:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_basis:757:*:*:*:*:*:*:*
First Time Sap
Sap sap Basis
CWE NVD-CWE-noinfo
Information

Published : 2024-07-09 05:15

Updated : 2025-10-29 14:44

NVD link : CVE-2024-37180

Mitre link : CVE-2024-37180

CVE.ORG link : CVE-2024-37180

JSON object : View

Products Affected

sap

  • sap_basis
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo