CVE-2024-24743
Severity: HIGH | WAF: High
CVSS 7.5
Published: 2024-02-13
CWE-611
SAP NetWeaver AS Java (CAF - Guided Procedures), version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network. When the file is parsed, the attacker can access sensitive files and data but cannot modify them. Expansion limits are in place, so availability is not affected.
WAF Coverage Analysis
XML External Entity (XXE)
High WAF Coverage
OWASP: A05:2021 Security Misconfiguration
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| sap | netweaver_application_server_java | 7.50 |
References
- me.sap.com (Permissions Required)
- www.sap.com (Vendor Advisory)