CVE-2024-22127

CWE-77 — Command Injection CWE-94 — Code Injection3 documents3 sources

Severity

9.1CRITICAL

EPSS

2.5%

top 14.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver AS Java (administrator LOG Viewer Plug-in)SAP Netweaver Application Server Java

Timeline

PublishedMar 12

Description

SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability. This would enable the attacker to run commands which can cause high impact on confidentiality, integrity and availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_as_java_(administrator_log_viewer_plug-in)7.50

▶NVDsap/netweaver_application7.5

🔴Vulnerability Details

GHSA

GHSA-j64p-69wq-hp65: SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7↗2024-03-12

▶

CVEList

Code Injection vulnerability in SAP NetWeaver AS Java (Administrator Log Viewer plug-in)↗2024-03-12

▶