CVE-2024-27899

Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both integrity and availability.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.3

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://me.sap.com/notes/3434839
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364
https://me.sap.com/notes/3434839
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364

Configurations

No configuration.

History

No history.

Information

Published : 2024-04-09 01:15

Updated : 2024-11-21 09:05

NVD link : CVE-2024-27899

Mitre link : CVE-2024-27899

CVE.ORG link : CVE-2024-27899

JSON object : View

Products Affected

No product.

CWE

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

8.8 /10