CVE-2024-47593

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP (affected versions not specified) SAP NetWeaver Java Application Server (affected versions not specified)

Description: The issue allows an unauthenticated attacker with network access to read files from the server that would otherwise be restricted. This attack is possible only if a Web Dispatcher or some sort of Proxy Server is in use and the file in question was previously opened or downloaded in an application based on SAP GUI for HTML Technology. The vulnerability is related to incorrectly used standard permissions in the SAP NetWeaver Java Application Server. Exploitation of the vulnerability may allow a remote attacker to disclose protected information. This will not compromise the application's integrity or availability.

Recommendations: For SAP NetWeaver Application Server ABAP, consider restricting access to sensitive files and directories until a patch is available. For SAP NetWeaver Java Application Server, review and correct the standard permissions to prevent unauthorized access to protected information. As a temporary workaround, consider disabling the use of Web Dispatcher or Proxy Server for sensitive applications until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.