CVE-2024-24743 HIGH

CVE-2024-24743: XXE vulnerability in SAP NetWeaver AS Java (Guided Procedures)

Vendor SAP SE
Product SAP NetWeaver AS Java (Guided Procedures)
Weakness CWE-611 · XXE
Published February 13, 2024
Last update November 7, 2024

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

Description

SAP NetWeaver AS Java (CAF - Guided Procedures), version 7.50, allows an unauthenticated attacker to submit a malicious request containing a crafted XML file over the network. When the file is parsed, the attacker can access sensitive files and data but cannot modify them. Expansion limits are in place, so availability is not affected.

Key dates

Disclosure timeline

February 13, 2024 CVE published
November 7, 2024 Record updated