CVE-2024-27899

Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both integrity and availability.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.3

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://me.sap.com/notes/3434839
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364

Configurations

No configuration.

History

09 Apr 2024, 12:48

Type	Values Removed	Values Added
Summary		(es) Self-Registration and Modify your own profile en User Admin Application de NetWeaver AS Java no exige requisitos de seguridad adecuados para el contenido de la respuesta de seguridad recién definida. Un atacante puede aprovechar esto para causar un profundo impacto en la confidencialidad y un bajo impacto tanto en la integridad como en la disponibilidad.

09 Apr 2024, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-04-09 01:15

Updated : 2024-04-09 12:48

NVD link : CVE-2024-27899

Mitre link : CVE-2024-27899

CVE.ORG link : CVE-2024-27899

JSON object : View

Products Affected

No product.

CWE

CWE-640

Weak Password Recovery Mechanism for Forgotten Password

8.8 /10