CVE-2024-24743
CVE-2024-24743 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so that availability is not affected. EPSS estimates a 0.52% chance of exploitation in the next 30 days.
Description
SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so that availability is not affected.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| SAP | NetWeaver Application Server Java | 7.50 |
References
- https://me.sap.com/notes/3426111 (Permissions Required)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
