CVE-2024-27899

Summary

Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both integrity and availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver AS Java User Management EngineSERVERCORE 7.50affected
SAP_SESAP NetWeaver AS Java User Management EngineJ2EE-APPS 7.50affected
SAP_SESAP NetWeaver AS Java User Management EngineUMEADMIN 7.50affected

Weaknesses

  • CWE-640: CWE-640: Weak Password Recovery Mechanism

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References