VYPR
Unrated severityNVD Advisory· Published Feb 13, 2024· Updated Nov 7, 2024

XXE vulnerability in SAP NetWeaver AS Java (Guided Procedures)

CVE-2024-24743

Description

SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so that availability is not affected.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.