CVE-2024-47578Server-Side Request Forgery in SE SAP Netweaver AS FOR Java

CWE-918Server-Side Request Forgery3 documents3 sources
Severity
9.1CRITICALNVD
EPSS
0.2%
top 62.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Netweaver AS FOR Java
Timeline
PublishedDec 10

Description

Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. On successful exploitation, the attacker can read or modify any file and/or make the entire system unavailable.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages1 packages

CVEListV5sap_se/sap_netweaver_as_for_javaADSSSAP 7.50

🔴Vulnerability Details

2
GHSA
GHSA-2vxm-9c9f-7q2m: Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application2024-12-10
CVEList
Multiple vulnerabilities in SAP NetWeaver AS for JAVA(Adobe Document Services)2024-12-10
CVE-2024-47578 — Server-Side Request Forgery | cvebase