CVE-2024-47582XML External Entity (XXE) Injection in SE SAP Netweaver AS Java

CWE-611XML External Entity (XXE) Injection3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.1%
top 68.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Netweaver AS Java
Timeline
PublishedDec 10

Description

Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. This causes limited impact on availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

CVEListV5sap_se/sap_netweaver_as_javaLM-CORE 7.50

🔴Vulnerability Details

2
CVEList
XML Entity Expansion Vulnerability in SAP NetWeaver AS JAVA2024-12-10
GHSA
GHSA-rmmh-6g98-m869: Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion atta2024-12-10
CVE-2024-47582 — XML External Entity (XXE) Injection | cvebase