SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so that availability is not affected.
History

Thu, 07 Nov 2024 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 16 Oct 2024 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Sap
Sap netweaver Application Server Java
CPEs cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*
Vendors & Products Sap
Sap netweaver Application Server Java

cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published: 2024-02-13T02:43:40.755Z

Updated: 2024-11-07T19:10:20.078Z

Reserved: 2024-01-29T05:13:46.618Z

Link: CVE-2024-24743

cve-icon Vulnrichment

Updated: 2024-08-01T23:28:11.817Z

cve-icon NVD

Status : Analyzed

Published: 2024-02-13T03:15:09.393

Modified: 2024-10-16T21:17:44.610

Link: CVE-2024-24743

cve-icon Redhat

No data.