CVE-2024-47582: XML Entity Expansion Vulnerability in SAP NetWeaver AS JAVA
First published: Tue Dec 10 2024(Updated: )
Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. This causes limited impact on availability of the application.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver AS for Java |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-47582?
CVE-2024-47582 is rated as having limited impact, primarily affecting application availability.
How do I fix CVE-2024-47582?
To address CVE-2024-47582, validate and sanitize XML input to prevent XML Entity Expansion attacks.
Which software is affected by CVE-2024-47582?
CVE-2024-47582 affects the SAP NetWeaver AS JAVA product.
Can CVE-2024-47582 be exploited by authenticated users?
No, CVE-2024-47582 can be exploited by unauthenticated attackers.
What type of attack is associated with CVE-2024-47582?
CVE-2024-47582 is associated with XML Entity Expansion attacks due to missing validation of XML input.
- agent/references
- agent/title
- agent/first-publish-date
- agent/type
- agent/description
- collector/nvd-api
- source/NVD
- agent/weakness
- agent/author
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap netweaver as for java