

Evasive Panda Uses MACMA and MgBot Malware to Target US and Taiwan – Active IOCs
July 24, 2024
CVE-2024-41107 – Apache CloudStack Vulnerability
July 24, 2024
Severity
Medium
Analysis Summary
CVE-2024-39600 CVSS: 5.0
SAP GUI for Windows could allow a local authenticated attacker to obtain sensitive information because passwords are stored in memory. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain password information and use it to launch further attacks against the affected system.
CVE-2024-39594 CVSS: 6.1
SAP Business Warehouse is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's web browser within the security context of the hosting website once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVE-2024-39596 CVSS: 4.3
SAP Enable Now could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper authorization validation. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges and obtain restricted information.
CVE-2024-39599 CVSS: 4.7
SAP NetWeaver Application Server for ABAP and ABAP Platform could allow a remote authenticated attacker to bypass security restrictions, caused by a protection mechanism failure. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass the configured malware scanner API.
CVE-2024-37173 CVSS: 6.1
SAP CRM is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute script in a victim's web browser within the security context of the hosting website once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
Impact
- Information Disclosure
- Cross-Site Scripting
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-39600
- CVE-2024-39594
- CVE-2024-39596
- CVE-2024-39599
- CVE-2024-37173
Affected Vendors
- SAP
Affected Products
- SAP NetWeaver AS ABAP 700
- SAP NetWeaver AS ABAP 701
- SAP NetWeaver AS ABAP 702
- SAP NetWeaver AS ABAP 740
- SAP NetWeaver AS ABAP 731
- SAP CRM S4FND 102
- SAP CRM S4FND 103
- SAP CRM S4FND 104
- SAP CRM S4FND 105
- SAP Business Warehouse 700
- SAP Business Warehouse 701
- SAP Business Warehouse 702
- SAP Business Warehouse 731
- SAP Business Warehouse 740
- SAP Enable Now WPB_MANAGER_CE 10
- SAP Enable Now WPB_MANAGER_HANA 10
- SAP Enable Now ENABLE_NOW_CONSUMP_DEL 1704
- SAP GUI for Windows BC-FES-GUI 8
Remediation
Current SAP customers should refer to the SAP Security Document for patch information, available from the SAP website (login required).