CVE-2024-27899

Security misconfiguration vulnerability in SAP NetWeaver AS Java User Management Engine

CVSS 8.8 HIGHEPSS 0.4%CWE-640

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.8EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

09 abr 2024Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both integrity and availability.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L

Produtos afetados

SAP_SE · SAP NetWeaver AS Java User Management Engine

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://me.sap.com/notes/3434839 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364