CVE-2024-47593: 
SAP NetWeaver Application Server ABAP vulnerability analysis and mitigation

SAP NetWeaver Application Server ABAP contains a security vulnerability (CVE-2024-47593) that allows an unauthenticated attacker with network access to read files from the server that would otherwise be restricted. This vulnerability is specifically exploitable when a Web Dispatcher or some sort of Proxy Server is in use, and the targeted file was previously opened or downloaded in an application based on SAP GUI for HTML Technology (NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N. This scoring indicates that the vulnerability is network-accessible (AV:N), requires low attack complexity (AC:L), needs no privileges (PR:N), requires user interaction (UI:R), has a unchanged scope (S:U), and can impact confidentiality at a low level (C:L) with no impact on integrity (I:N) or availability (A:N). The vulnerability is classified under CWE-276 (Incorrect Default Permissions) (NVD).

The exploitation of this vulnerability can lead to unauthorized file access on the affected server. However, according to the vulnerability description, this will not compromise the application's integrity or availability. The impact is limited to confidentiality breaches of files that were previously accessed through SAP GUI for HTML Technology (NVD).

SAP has released security patches to address this vulnerability. Users should refer to SAP Security Note 3508947 for detailed mitigation instructions and apply the necessary updates (SAP Security Notes).