SAP NetWeaver Administrator AS Java Vulnerability Could Lead to Command Injection
CVE-2024-22127
9.1 CRITICAL
Key Information
- Vendor
- SAP
- Status
- SAP NetWeaver AS Java (Administrator Log Viewer plug-in)
- Vendor
- CVE Published:
- 12 March 2024
Summary
SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in), version 7.50, allows an attacker with high privileges to upload potentially dangerous files, which leads to a command injection vulnerability. This would enable the attacker to run commands that can have a high impact on the confidentiality, integrity and availability of the application.
Affected Version(s)
SAP NetWeaver AS Java (Administrator Log Viewer plug-in) = 7.50
CVSS V3.1
Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Timeline
Risk change from: null to: 9.1 - (CRITICAL)
Vulnerability published.
Collectors
NVD Database, Mitre Database