Security Vulnerability in Self-Registration and Profile Modification in NetWeaver AS Java
CVE-2024-27899
What is CVE-2024-27899?
The User Admin Application of SAP NetWeaver AS Java does not enforce adequate security requirements for the content of newly defined security answers during self-registration and profile modification. An attacker could exploit this weakness, potentially compromising user confidentiality and posing a risk to integrity and availability. Users are advised to review security settings and apply necessary updates to mitigate these risks.

Affected Version(s)
SAP NetWeaver AS Java User Management Engine SERVERCORE 7.50
SAP NetWeaver AS Java User Management Engine J2EE-APPS 7.50
SAP NetWeaver AS Java User Management Engine UMEADMIN 7.50
News Articles
CVE-2024-27899 : SAP NETWEAVER AS JAVA USER MANAGEMENT ENGINE 7.50 USER ADMIN APPLICATION PASSWORD RECOVERY - Cloud WAF
CVE-2024-27899 : Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer.
References
CVSS V3.1
Timeline
First article discovered by prophaze.com
Vulnerability published