CVE-2024-33005

Name of the Vulnerable Software and Affected Versions SAP Web Dispatcher (affected versions not specified) SAP NetWeaver Application Server (ABAP and Java) (affected versions not specified) SAP Content Server (affected versions not specified)

Description The issue is related to missing authorization checks in local systems, allowing admin users to impersonate other users and potentially perform unintended actions. This could lead to a low impact on confidentiality and a high impact on the integrity and availability of the applications.

Recommendations For SAP Web Dispatcher, consider implementing proper authorization checks to prevent admin users from impersonating other users. For SAP NetWeaver Application Server (ABAP and Java), restrict access to sensitive functions until proper authorization checks are in place. For SAP Content Server, limit the privileges of admin users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.