← Volver a CVEs
CVE-2024-22127
CRITICAL9.1
Descripcion
SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability. This would enable the attacker to run commands which can cause high impact on confidentiality, integrity and availability of the application.
Detalles CVE
Puntuacion CVSS v3.19.1
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioNONE
Publicado3/12/2024
Ultima modificacion2/7/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
sap:netweaver_application_server_java
Debilidades (CWE)
CWE-77
Referencias
https://me.sap.com/notes/3433192(cna@sap.com)
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364(cna@sap.com)
https://me.sap.com/notes/3433192(af854a3a-2127-422b-91ae-364da2661108)
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.