CVE-2024-27899

EUVD-2024-25091
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both integrity and availability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L
sapCNA
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
Common Weakness Enumeration
References
https://me.sap.com/notes/3434839
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364
https://me.sap.com/notes/3434839
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364