Untrusted XML Document Validation Vulnerability Affects SAP ADS Rendering

CVE-2024-42374

8.2HIGH

Key Information

Vendor: SAP
Status: SAP Bex Web Java Runtime Export Web Service
Vendor: CVE Published:; 13 August 2024

Summary

BEx Web Java Runtime Export Web Service does not sufficiently validate an XML document accepted from an untrusted source. An attacker can retrieve information from the SAP ADS system and exhaust the number of XMLForm service which makes the SAP ADS rendering (PDF creation) unavailable. This affects the confidentiality and availability of the application.

Affected Version(s)

SAP BEx Web Java Runtime Export Web Service = BI-BASE-E 7.5

SAP BEx Web Java Runtime Export Web Service = BI-BASE-B 7.5

SAP BEx Web Java Runtime Export Web Service = BI-IBC 7.5

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Aug 13, 2024
Vulnerability Reserved.
Jul 31, 2024

Collectors

NVD DatabaseMitre Database