CVE-2024-27899

CVSS V2 None CVSS V3 None

Description

Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both integrity and availability.

Overview

CVE ID
CVE-2024-27899

Assigner
sap

Vulnerability Status
PUBLISHED

Published Version
2024-04-09T00:54:17.167Z

Last Modified Date
2024-06-04T17:47:04.705Z

Weakness Enumerations

CWE	URL
CWE-640	http://cwe.mitre.org/data/definitions/640.html

References

Reference URL	Reference Tags
https://me.sap.com/notes/3434839
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-27899
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27899

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 02:00:42				Added to TrackCVE