CVE-2024-24743: XXE vulnerability in SAP NetWeaver AS Java (Guided Procedures)
First published: Tue Feb 13 2024(Updated: )
SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so that availability is not affected.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver AS JAVA | =7.50 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-24743?
CVE-2024-24743 has been categorized as a critical vulnerability due to the potential for unauthorized access to sensitive files.
How do I fix CVE-2024-24743?
To mitigate CVE-2024-24743, ensure that your SAP NetWeaver AS Java version is updated to the latest patch released by SAP.
Who is affected by CVE-2024-24743?
CVE-2024-24743 affects users running SAP NetWeaver AS Java version 7.50.
What types of attacks are possible with CVE-2024-24743?
CVE-2024-24743 allows unauthenticated attackers to access sensitive files through crafted XML requests.
Can CVE-2024-24743 be exploited remotely?
Yes, CVE-2024-24743 can be exploited remotely over the network without authentication.
- agent/weakness
- agent/title
- agent/references
- agent/author
- agent/type
- agent/description
- agent/first-publish-date
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/severity
- agent/softwarecombine
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap netweaver as java
- version/sap netweaver as java/7.50