CVE-2024-22127
Code Injection vulnerability in SAP NetWeaver AS Java (Administrator Log Viewer plug-in)
Severity Score
9.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability. This would enable the attacker to run commands which can cause high impact on confidentiality, integrity and availability of the application.
SAP NetWeaver Administrator AS Java (complemento Administrator Log Viewer): versión 7.50, permite a un atacante con altos privilegios cargar archivos potencialmente peligrosos, lo que conduce a una vulnerabilidad de inyección de comandos. Esto permitiría al atacante ejecutar comandos que pueden causar un gran impacto en la confidencialidad, integridad y disponibilidad de la aplicación.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-01-05 CVE Reserved
- 2024-03-12 CVE Published
- 2024-03-12 EPSS Updated
- 2024-09-26 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://me.sap.com/notes/3433192 | ||
| https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| SAP SE Search vendor "SAP SE" | SAP NetWeaver AS Java (Administrator Log Viewer Plug-in) Search vendor "SAP SE" for product "SAP NetWeaver AS Java (Administrator Log Viewer Plug-in)" | 7.50 Search vendor "SAP SE" for product "SAP NetWeaver AS Java (Administrator Log Viewer Plug-in)" and version "7.50" | en |
Affected
| ||||||