CVE-2024-24743

SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so that availability is not affected.
Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*

History

16 Oct 2024, 21:17

Type Values Removed Values Added
CPE cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 8.6
v2 : unknown
v3 : 7.5
First Time Sap netweaver Application Server Java
Sap
References () https://me.sap.com/notes/3426111 - () https://me.sap.com/notes/3426111 - Permissions Required
References () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory

13 Feb 2024, 14:01

Type Values Removed Values Added
Summary
  • (es) SAP NetWeaver AS Java (CAF - Procedimientos guiados): versión 7.50, permite a un atacante no autenticado enviar una solicitud maliciosa con un archivo XML manipulado a través de la red, que cuando se analiza le permitirá acceder a archivos y datos confidenciales, pero no modificarlos. Existen límites de expansión establecidos para que la disponibilidad no se vea afectada.

13 Feb 2024, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-13 03:15

Updated : 2024-10-16 21:17


NVD link : CVE-2024-24743

Mitre link : CVE-2024-24743

CVE.ORG link : CVE-2024-24743


JSON object : View

Products Affected

sap

  • netweaver_application_server_java
CWE
CWE-611

Improper Restriction of XML External Entity Reference