CVE-2024-27899

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-27899
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both integrity and availability.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.3

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References
Link Resource
https://me.sap.com/notes/3434839
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364
Configurations

No configuration.

History

09 Apr 2024, 12:48

Type Values Removed Values Added
Summary
  • (es) Self-Registration and Modify your own profile en User Admin Application de NetWeaver AS Java no exige requisitos de seguridad adecuados para el contenido de la respuesta de seguridad recién definida. Un atacante puede aprovechar esto para causar un profundo impacto en la confidencialidad y un bajo impacto tanto en la integridad como en la disponibilidad.

09 Apr 2024, 01:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-09 01:15

Updated : 2024-04-09 12:48

NVD link : CVE-2024-27899

Mitre link : CVE-2024-27899

CVE.ORG link : CVE-2024-27899

JSON object : View

Products Affected

No product.

CWE
CWE-640

Weak Password Recovery Mechanism for Forgotten Password


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024