1. Home
  2. CVE Database
  3. CVE-2024-54198
HIGH · 8.5

CVE-2024-54198

In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose cred...

Vulnerability Description

In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely compromise the remote service, potentially resulting in a significant impact on the confidentiality, integrity, and availability of the application.

CVSS Score

8.5

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Related Weaknesses (CWE)

CWE-914

References

FAQ

What is CVE-2024-54198?

CVE-2024-54198 is a vulnerability with a CVSS score of 8.5 (HIGH). In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose cred...

How severe is CVE-2024-54198?

CVE-2024-54198 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-54198?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.