VDB
NCSC-2024-0378
NCSC-2024-0378
PUBLISHED
CVSS 6 MEDIUM
SAP heeft kwetsbaarheden verholpen in diverse producten, zoals SAP, Business Warehouse, NetWeaver, HANA, Business Objects en Commerce.
Risk Scores
CVSS 3.1
6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| commerce_cloud | ||
| netweaver_application_server_abap | ||
| businessobjects_business_intelligence_platform | ||
| business_warehouse |
Exploit Intelligence
- https://support.sap.com/en/my-support/knowledge-base/security-notes-news/september-2024.html (circl)
- Attempts to partially detect the BREACH HTTP compression vulnerability (CVE-2013-3587). The script can only confirm if an HTTPS request successfully completes with a Referer header and that the response uses HTTP compression (gzip, DEFLATE). However, details for additional vulnerability confirmation are provided in the vuln description output. References: * http://www.breachattack.com/ * https://blog.qualys.com/ssllabs/2013/08/07/defending-against-the-breach-attack (nmap-nse)
Timeline
- Dec 6, 2019 PoC Published
- Sep 19, 2024 CVE Published