CVE-2024-27899: Security misconfiguration vulnerability in SAP NetWeaver AS Java User Management Engine
First published: Tue Apr 09 2024(Updated: )
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both integrity and availability.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver AS for Java |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-27899?
CVE-2024-27899 is classified as a medium severity vulnerability that can impact confidentiality.
How do I fix CVE-2024-27899?
To mitigate CVE-2024-27899, apply the security updates provided by SAP for NetWeaver AS Java.
What kind of attacks can exploit CVE-2024-27899?
CVE-2024-27899 can be exploited by attackers to manipulate user profiles and access sensitive information.
Is CVE-2024-27899 specific to a version of SAP NetWeaver AS Java?
Yes, CVE-2024-27899 specifically affects the User Admin Application in the SAP NetWeaver AS Java platform.
How does CVE-2024-27899 affect user accounts?
CVE-2024-27899 allows attackers to improperly set security answers, potentially gaining unauthorized access to user accounts.
- agent/title
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/severity
- agent/weakness
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap netweaver as for java