CVE-2024-45285: 
SAP NetWeaver Application Server ABAP vulnerability analysis and mitigation

CVE-2024-45285 is a security vulnerability in SAP's RFC enabled function module that was disclosed on September 10, 2024. The vulnerability allows a low-privileged user to perform denial of service attacks on any user and manipulate or delete favourite nodes within the SAP GUI system (NVD).

The vulnerability exists in the RFC enabled function module where a low-privileged attacker can send crafted packets targeting specific parameters. When successfully exploited, the targeted user loses access to SAP GUI functionality. The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L, indicating network accessibility with low attack complexity and requiring low privileges (NVD).

The exploitation of this vulnerability results in a dual impact: first, it enables attackers to perform denial of service attacks that prevent targeted users from accessing SAP GUI functionality; second, it allows the manipulation or deletion of favourite nodes. The vulnerability has been assessed to have a low impact on both the integrity and availability of the application (NVD).

SAP has released security patches to address this vulnerability. Users are advised to refer to SAP Security Note 3488039 for detailed mitigation instructions (SAP Note, SAP Security).