Lucene search

SapVULNRICHMENT:CVE-2024-22127

HistoryMar 12, 2024 - 12:29 a.m.

CVE-2024-22127 Code Injection vulnerability in SAP NetWeaver AS Java (Administrator Log Viewer plug-in)

2024-03-1200:29:27

CWE-94

sap

github.com

cve-2024-22127

sap netweaver

command injection

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

7.6

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability. This would enable the attacker to run commands which can cause high impact on confidentiality, integrity and availability of the application.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:*"
    ],
    "vendor": "sap",
    "product": "netweaver",
    "versions": [
      {
        "status": "affected",
        "version": "7.50"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

me.sap.com/notes/3433192

support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

7.6

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-22127