CVE-2024-27898

SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. Thus, having a low impact on confidentiality.
Configurations

No configuration.

History

21 Nov 2024, 09:05

Type Values Removed Values Added
References () https://me.sap.com/notes/3425188 - () https://me.sap.com/notes/3425188 -
References () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364 - () https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364 -

09 Apr 2024, 12:48

Type Values Removed Values Added
Summary
  • (es) La aplicación SAP NetWeaver, debido a una validación de entrada insuficiente, permite a un atacante enviar una solicitud manipulada desde una aplicación web vulnerable dirigida a sistemas internos detrás de firewalls que normalmente son inaccesibles para un atacante desde la red externa, lo que resulta en una vulnerabilidad Server-Side Request Forgery. Teniendo así un bajo impacto en la confidencialidad.

09 Apr 2024, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-09 01:15

Updated : 2024-11-21 09:05


NVD link : CVE-2024-27898

Mitre link : CVE-2024-27898

CVE.ORG link : CVE-2024-27898


JSON object : View

Products Affected

No product.

CWE
CWE-918

Server-Side Request Forgery (SSRF)