Security Vulnerability in Self-Registration and Profile Modification in NetWeaver AS Java
CVE-2024-27899

Currently unrated

Key Information:

Vendor: SAP
Vendor: CVE Published:; 9 April 2024

Badges

📰 News Worthy

Summary

Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both integrity and availability.

News Articles

prophaze.com

CVE-2024-27899

CVE-2024-27899 : SAP NETWEAVER AS JAVA USER MANAGEMENT ENGINE 7.50 USER ADMIN APPLICATION PASSWORD RECOVERY - Cloud WAF

CVE-2024-27899 : Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer.

9 months ago

References

https://me.sap.com/notes/3434839

https://support.sap.com/en/my-support/knowledge-base/secu...

Timeline

📰
First article discovered by prophaze.com
Apr 9, 2024
Vulnerability published
Apr 9, 2024