exploitDog

CVE-2024-27898

Опубликовано: 09 апр. 2024

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. Thus, having a low impact on confidentiality.

Ссылки

https://me.sap.com/notes/3425188
Permissions Required
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364
Vendor Advisory
https://me.sap.com/notes/3425188
Permissions Required
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:netweaver:7.5:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.0022

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-qqv3-2v93-cwjw

CVSS3: 5.3

github

почти 2 года назад

SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. Thus, having a low impact on confidentiality.

EPSS

Процентиль: 44%

0.0022

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-918