CVE-2024-47593
📋 TL;DR
CVE-2024-47593 is an information disclosure vulnerability in SAP NetWeaver Application Server ABAP that allows unauthenticated attackers with network access to read restricted files from the server. This only affects systems using Web Dispatcher or proxy servers where files were previously opened/downloaded via SAP GUI for HTML. The vulnerability does not compromise system integrity or availability.
💻 Affected Systems
- SAP NetWeaver Application Server ABAP
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Sensitive configuration files, logs, or business data could be exposed to attackers, potentially leading to further attacks or data breaches.
Likely Case
Limited file disclosure of previously accessed files, potentially exposing non-critical information.
If Mitigated
No impact if proper network segmentation and access controls prevent unauthenticated access to affected components.
🎯 Exploit Status
Exploitation requires specific conditions: Web Dispatcher/proxy presence and prior file access via SAP GUI for HTML.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply SAP Security Note 3508947
Vendor Advisory: https://me.sap.com/notes/3508947
Restart Required: Yes
Instructions:
1. Download SAP Note 3508947 from the SAP Support Portal.
2. Apply the correction instructions per SAP standard procedures.
3. Restart the affected SAP systems as required.
🔧 Temporary Workarounds
Restrict Web Dispatcher Access
Limit network access to Web Dispatcher/proxy servers to trusted sources only.
Use firewall rules to restrict access to Web Dispatcher ports (typically 80/443).
Disable SAP GUI for HTML
If not required, disable SAP GUI for HTML functionality.
Consult SAP documentation for disabling SAP GUI for HTML components.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Web Dispatcher/proxy servers
- Monitor and audit file access patterns via SAP GUI for HTML
🔍 How to Verify
Check if Vulnerable:
Check whether SAP Note 3508947 is applied via transaction SNOTE, or compare the system version against the affected versions listed in the SAP Note.
Check Version:
Use SAP transaction SM51 or SM50 to check system details and applied notes.
Verify Fix Applied:
Verify that SAP Note 3508947 is successfully implemented, then test file access attempts from unauthenticated sources to confirm they are rejected.
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns from unauthenticated sources
- Multiple failed file access attempts
Network Indicators:
- Unusual HTTP requests to Web Dispatcher for file paths
- Traffic patterns matching file enumeration
SIEM Query:
source="web_dispatcher" AND (http_method="GET" OR http_method="POST") AND uri CONTAINS "/sap/public/" AND response_code=200
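The SIEM query above is broad: any successful GET/POST under "/sap/public/" matches, including legitimate public content. The following Python script is an added example (not part of this advisory or of any SAP tooling) that applies the same filter to constructed Web Dispatcher-style access-log lines and then ranks sources by how many distinct "/sap/public/" paths they fetched, which is the "file enumeration" pattern listed under Network Indicators. The log line format, IP addresses and URIs are assumptions made for the example, not real SAP log output.

```python
"""Apply the advisory's SIEM filter to constructed access-log lines and
surface clients fetching many distinct /sap/public/ paths.

Log format, addresses and paths below are assumed for this example and
are not captured from a real SAP Web Dispatcher."""
import re

# Assumed common-log-style line:
#   <client> - - [<timestamp>] "<METHOD> <URI> <PROTO>" <status> <bytes>
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Constructed sample lines (RFC 5737 documentation addresses, made-up paths).
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2025:10:00:01 +0000] "GET /sap/public/example/a.txt HTTP/1.1" 200 1234
203.0.113.10 - - [01/Jan/2025:10:00:02 +0000] "GET /sap/public/example/b.txt HTTP/1.1" 200 512
203.0.113.10 - - [01/Jan/2025:10:00:03 +0000] "GET /sap/public/example/c.txt HTTP/1.1" 200 77
198.51.100.7 - - [01/Jan/2025:10:00:04 +0000] "GET /sap/bc/gui/sap/its/webgui HTTP/1.1" 200 2048
198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "POST /sap/public/example/ping HTTP/1.1" 404 0
192.0.2.5 - - [01/Jan/2025:10:00:06 +0000] "HEAD /sap/public/example/info HTTP/1.1" 200 0
"""


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def matches_siem_query(rec):
    """Mirror the advisory's query:
    (method GET OR POST) AND uri CONTAINS "/sap/public/" AND response_code=200."""
    return (
        rec["method"] in ("GET", "POST")
        and "/sap/public/" in rec["uri"]
        and rec["status"] == 200
    )


def find_hits(log_text):
    """Return every parsed record that satisfies the SIEM query."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None and matches_siem_query(rec):
            hits.append(rec)
    return hits


def enumeration_sources(hits, threshold=3):
    """Map client -> number of distinct /sap/public/ URIs it fetched successfully,
    keeping only clients at or above the threshold. Many distinct paths from one
    client in a short window is the enumeration pattern worth triaging first."""
    per_src = {}
    for h in hits:
        per_src.setdefault(h["src"], set()).add(h["uri"])
    return {src: len(uris) for src, uris in per_src.items() if len(uris) >= threshold}


if __name__ == "__main__":
    matched = find_hits(SAMPLE_LOG)
    print(f"{len(matched)} events match the SIEM query")
    for src, count in enumeration_sources(matched).items():
        print(f"review client {src}: {count} distinct /sap/public/ paths returned 200")
```

The threshold and time window are tuning knobs; baseline normal traffic to the public ICF paths on your own landscape before alerting, since the advisory's query by itself will also match ordinary page assets served from that prefix.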