CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24743 – XXE vulnerability in SAP NetWeaver AS Java (Guided Procedures)
https://notcve.org/view.php?id=CVE-2024-24743
13 Feb 2024 — SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so that availability is not affected. SAP NetWeaver AS Java (CAF - Procedimientos guiados): versión 7.50, permite a un atacante no autenticado enviar una solicitud maliciosa con un archivo XML manipulado a través de... • https://me.sap.com/notes/3426111 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-33671
https://notcve.org/view.php?id=CVE-2021-33671
14 Jul 2021 — SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. The impact of missing authorization could result to abuse of functionality restricted to a particular user group, and could allow unauthorized users to read, modify or delete restricted data. SAP NetWeaver Guided Procedures (Administration Workset), versiones - 7.10, 7.20, 7.30, 7.31, 7.40, 7... • https://launchpad.support.sap.com/#/notes/3059446 • CWE-862: Missing Authorization •
CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 0CVE-2020-6187
https://notcve.org/view.php?id=CVE-2020-6187
12 Feb 2020 — SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service. SAP NetWeaver (Guided Procedures), versiones 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no comprueba suficientemente la entrada de un documento XML de un administrador comprometido, conllevando a una Denegación de Servicio. • https://launchpad.support.sap.com/#/notes/2864415 • CWE-611: Improper Restriction of XML External Entity Reference •