Vulnerability DatabaseCVE-2024-33001

CVE-2024-33001:
SAP NetWeaver Application Server ABAP vulnerability analysis and mitigation

Overview

A Denial of Service vulnerability (CVE-2024-33001) has been identified in SAP NetWeaver and ABAP platform. The vulnerability was disclosed on June 10, 2024, and allows attackers to impede performance for legitimate users by crashing or flooding the service (NVD, CERT-FR). The affected systems include SAP NetWeaver Application Server ABAP and ABAP Platform versions SAP_BASIS 740-758, 795, 796, and ST-PI versions 2008_1_700, 2008_1_710, and 740.

Technical details

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The weakness has been categorized under CWE-400 (Uncontrolled Resource Consumption) by SAP SE (NVD).

Impact

The exploitation of this vulnerability can result in long response delays and service interruptions, significantly degrading the service quality experienced by legitimate users. This causes a high impact on the availability of the application (NVD).

Mitigation and workarounds

SAP has released security patches to address this vulnerability. Users are advised to refer to SAP Security Note 3453170 for detailed mitigation instructions (SAP Security Notes).

Additional resources

Source: This report was generated using AI

Related SAP NetWeaver Application Server ABAP vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-0488	CRITICAL	9.9	SAP NetWeaver Application Server ABAP	cpe:2.3:a:sap:netweaver_application_server_abap	No	Yes	Feb 10, 2026
CVE-2026-0509	CRITICAL	9.6	SAP NetWeaver Application Server ABAP	cpe:2.3:a:sap:netweaver_application_server_abap	No	Yes	Feb 10, 2026
CVE-2026-23687	HIGH	8.8	SAP NetWeaver Application Server ABAP	cpe:2.3:a:sap:netweaver_application_server_abap	No	Yes	Feb 10, 2026
CVE-2026-0506	HIGH	8.1	SAP NetWeaver Application Server ABAP	cpe:2.3:a:sap:netweaver_application_server_abap	No	Yes	Jan 13, 2026
CVE-2025-42902	MEDIUM	5.3	SAP NetWeaver Application Server ABAP	cpe:2.3:a:sap:netweaver_application_server_abap	No	Yes	Oct 14, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

A threat intelligence database

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."

David EstlickCISO

"Wiz provides a single pane of glass to see what is going on in our cloud environments."

Adam FletcherChief Security Officer

"We know that if Wiz identifies something as critical, it actually is."

Greg PoniatowskiHead of Threat and Vulnerability Management

Get a demo

CVE-2024-33001: SAP NetWeaver Application Server ABAP vulnerability analysis and mitigation