Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. This causes limited impact on availability of the application.
History

Tue, 10 Dec 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 10 Dec 2024 00:45:00 +0000

Type Values Removed Values Added
Description Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. This causes limited impact on availability of the application.
Title XML Entity Expansion Vulnerability in SAP NetWeaver AS JAVA
Weaknesses CWE-611
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published: 2024-12-10T00:12:24.270Z

Updated: 2024-12-10T20:38:26.239Z

Reserved: 2024-09-27T20:05:49.544Z

Link: CVE-2024-47582

cve-icon Vulnrichment

Updated: 2024-12-10T20:38:22.466Z

cve-icon NVD

Status : Received

Published: 2024-12-10T01:15:06.280

Modified: 2024-12-10T01:15:06.280

Link: CVE-2024-47582

cve-icon Redhat

No data.