CVE-2024-24740: 
SAP NetWeaver Application Server ABAP vulnerability analysis and mitigation

SAP NetWeaver Application Server (ABAP) contains a security vulnerability identified as CVE-2024-24740. The vulnerability affects multiple versions including KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, and KRNL64UC 7.53. Under certain conditions, this vulnerability allows an attacker to access restricted information, resulting in a low impact on the confidentiality of the application (CVE-MITRE).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.3 (Medium). The attack vector is Network-based with low attack complexity, requires no privileges or user interaction, and has an unchanged scope. The vulnerability primarily affects confidentiality with a low impact, while integrity and availability remain unaffected (AttackerKB).

The primary impact of this vulnerability is on the confidentiality of information, allowing unauthorized access to data that should otherwise be restricted. The impact is classified as low, affecting only the confidentiality aspect of the security triad, with no reported impact on system integrity or availability (AttackerKB).

SAP has released security notes and patches to address this vulnerability. Users are advised to refer to SAP Security Note 3360827 for detailed mitigation instructions (CERT-FR).