← back
CVE-2024-47582

XML Entity Expansion Vulnerability in SAP NetWeaver AS JAVA

CVSS 5.3 MEDIUMEPSS 0.4%CWE-611
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
10 Dec 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. This causes limited impact on availability of the application.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected products
SAP_SE · SAP NetWeaver AS JAVA

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://me.sap.com/notes/3351041https://url.sap/sapsecuritypatchday