SAP Critical Vulnerability Exposes Systems to Complete Takeover - 20240516003
Overview
The WA SOC has been made aware of a critical vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform. This vulnerability allows an unauthenticated attacker to upload a malicious file to the server, potentially leading to complete system compromise when accessed by a victim.
What is vulnerable?
| CVE | Severity | CVSS | Product(s) Affected | Summary | Dated |
|---|---|---|---|---|---|
| CVE-2024-33006 | Critical | 9.6 | SAP_BASIS versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, and 758 | An unauthenticated attacker can upload a malicious file to the server which, when accessed by a victim, can allow the attacker to completely compromise the system | 14/05/2024 |
What has been observed?
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within the expected timeframe of one month... (refer Patch Management):
- https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2024.html
Additional References
- N/A