VDB
GCVE-VVD-NCSC-2024-378
GCVE-VVD-NCSC-2024-378
Advisory PublishedCVSS 5.9/10
SAP heeft kwetsbaarheden verholpen in diverse producten, zoals SAP, Business Warehouse, NetWeaver, HANA, Business Objects en Commerce.
Weaknesses (CWE)
CWE-325Missing Cryptographic StepCWE-862Missing AuthorizationCWE-359Exposure of Private Personal Information to an Unauthorized ActorCWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-863Incorrect AuthorizationCWE-213Exposure of Sensitive Information Due to Incompatible PoliciesCWE-426Untrusted Search PathCWE-256Plaintext Storage of a Password
Risk Scores
CVSS 3.1
5.9/10
Medium · CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| sap | sap | — | — |
| sap | commerce_cloud | — | — |
| sap_se | sap_netweaver_application_server_for_abap_and_abap_platform | — | — |
| sap | netweaver_application_server_abap | — | — |
| sap_se | sap_netweaver_bw__bex_analyzer_ | — | — |
| sap_se | sap_s_4hana_eprocurement | — | — |
| sap_se | sap_for_oil___gas | — | — |
| sap | oil_\%\/_gas | — | — |
| sap_se | sap_business_warehouse__bex_analyzer_ | — | — |
| sap_se | sap_netweaver_enterprise_portal | — | — |
| sap | netweaver_enterprise_portal | — | — |
| sap_se | sap_s_4_hana__statutory_reports_ | — | — |
| sap_se | sap_netweaver_application_server_for_abap__crm_blueprint_application_builder_panel_ | — | — |
| sap_se | sap_netweaver_as_java__logon_application_ | — | — |
| sap_se | sap_businessobjects_business_intelligence_platform | — | — |
| sap | businessobjects_business_intelligence_platform | — | — |
| sap_se | sap_netweaver_as_for_java__destination_service_ | — | — |
| sap | netweaver_as_for_java | — | — |
| sap_se | sap_student_life_cycle_management__slcm_ | — | — |
| sap | student_life_cycle_management | — | — |
| sap_se | sap_production_and_revenue_accounting__tobin_interface_ | — | — |
Aliases
CVE-2024-45283CVE-2024-41729CVE-2024-45284CVE-2024-41728CVE-2024-44121CVE-2024-45280CVE-2024-42371CVE-2024-44116CVE-2024-45286CVE-2024-44115CVE-2024-44112CVE-2024-45279CVE-2024-44114CVE-2024-44113CVE-2024-42380CVE-2013-3587CVE-2024-45285CVE-2024-44120CVE-2024-45281CVE-2024-44117CVE-2024-42378
Transitive aliases
EUVD-2024-41416H1-254895EUVD-2013-3521VVD-CISA-2024-42378VVD-CISA-2024-41728GHSA-j73c-62cp-6vqjGHSA-g8fp-rvc4-jw76EUVD-2024-39585BDU:2025-12955EUVD-2024-39576GHSA-8j5m-w5gm-27m4EUVD-2024-41415EUVD-2024-41411GHSA-v3w5-wfjx-fh47WID-SEC-W-2024-2086VVD-CISA-2024-45286VVD-CISA-2024-44112EUVD-2024-40873GHSA-j583-4h4q-5jwmEUVD-2024-41412EUVD-2024-40877VVD-CISA-2024-44117BDU:2025-12961GHSA-q44j-mpqx-mx83BDU:2025-12956VVD-CISA-2024-41729VVD-CISA-2024-45281VVD-CISA-2024-42371VVD-CISA-2024-44116VVD-CISA-2024-45285GHSA-43rj-h44p-4j25GHSA-4xpj-prjw-rc6pBDU:2025-12957BDU:2025-12959VVD-CISA-2024-44115EUVD-2024-41413VVD-CISA-2024-44113EUVD-2024-39171VVD-CISA-2024-45283EUVD-2024-40875GHSA-hxpq-9j27-gq6fH1-111752GHSA-vx3h-qc6g-v68qVVD-CISA-2024-44120VVD-CISA-2024-45279BDU:2025-06762BDU:2025-12958GHSA-h5hw-qx53-24grGHSA-63rm-q44g-v6m3EUVD-2024-39583BDU:2025-12954GHSA-2px3-mvqp-56jfVVD-CISA-2024-45284GHSA-hh3m-fgxm-fq25GHSA-4vq2-qg29-vjf5NCSC-2024-0378EUVD-2024-40879EUVD-2024-41418EUVD-2024-41417EUVD-2024-40878GHSA-36j4-jjhr-3m5rEUVD-2024-40872VVD-CERTCC-2013-987798EUVD-2024-40874VVD-CISA-2024-44114GHSA-fc6c-mjwq-f62wGHSA-27gg-xq5x-7qq6EUVD-2024-39172EUVD-2024-40876BDU:2025-12960VVD-CISA-2024-45280VVD-CISA-2024-44121GHSA-7242-jxqh-9vj3GHSA-57v4-696x-63w9GHSA-mgj4-x25v-wcfhVVD-CISA-2024-42380
Browse GCVE Records
100 records in the GCVE database · Updated April 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.