CVE-2024-41732

SAP NetWeaver Application Server ABAP allows
  an unauthenticated attacker to craft a URL link that could bypass allowlist
  controls. Depending on the web applications provided by this server, the
  attacker might inject CSS code or links into the web application that could
  allow the attacker to read or modify information. There is no impact on
  availability of application.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.7 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
sapCNA
4.7 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Common Weakness Enumeration
References
https://me.sap.com/notes/3468102
https://url.sap/sapsecuritypatchday