CVE-2024-22127
9.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability. This would enable the attacker to run commands which can cause high impact on confidentiality, integrity and availability of the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP NetWeaver AS Java (Administrator Log Viewer plug-in) | 7.50 | affected |
Weaknesses
- CWE-77: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
ADP Enrichment
CVE Program Container
Additional References
- https://me.sap.com/notes/3433192
- https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://me.sap.com/notes/3433192
- https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.