CVE-2024-24743— XXE vulnerability in SAP NetWeaver AS Java (Guided Procedures)

XXE vulnerability in SAP NetWeaver AS Java (Guided Procedures)

SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so that availability is not affected.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

XML外部实体引用的不恰当限制(XXE)

SAP NetWeaver AS 代码问题漏洞

SAP NetWeaver AS是德国思爱普（SAP）公司的一款SAP网络应用服务器。它不仅能提供网络服务，且还是SAP软件的基本平台。 SAP NetWeaver AS Java 7.50 版本存在代码问题漏洞，该漏洞源于允许未经身份验证的攻击者通过网络提交带有精心设计的 XML 文件的恶意请求，该请求在解析后将使他能够访问敏感文件和数据。

N/A

N/A