SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so that availability is not affected.
References
Link | Resource |
---|---|
https://me.sap.com/notes/3426111 | Permissions Required |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Configurations
History
16 Oct 2024, 21:17
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
First Time |
Sap netweaver Application Server Java
Sap |
|
References | () https://me.sap.com/notes/3426111 - Permissions Required | |
References | () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory |
13 Feb 2024, 14:01
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
13 Feb 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-13 03:15
Updated : 2024-10-16 21:17
NVD link : CVE-2024-24743
Mitre link : CVE-2024-24743
CVE.ORG link : CVE-2024-24743
JSON object : View
Products Affected
sap
- netweaver_application_server_java
CWE
CWE-611
Improper Restriction of XML External Entity Reference