CVE-2024-47582 MEDIUM

CVE-2024-47582: XML Entity Expansion Vulnerability in SAP NetWeaver AS JAVA

Vendor Sap_Se

Product SAP NetWeaver AS JAVA

Weakness CWE-611 · XXE

Published December 10, 2024

Last update December 10, 2024

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

Description

Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. This causes limited impact on availability of the application.

Key dates

Disclosure timeline

December 10, 2024 CVE published

December 10, 2024 Record updated