CVE-2024-22127
Published: 12 March 2024
Summary
CVE-2024-22127 is a critical-severity Command Injection (CWE-77) vulnerability in SAP NetWeaver Application Server Java. Its CVSS base score is 9.1 (Critical).
Operationally, it is ranked in the top 14.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-19723
Vulnerability details
SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in), version 7.50, allows an attacker with high privileges to upload potentially dangerous files, which leads to a command injection vulnerability. This would enable the attacker to run commands which can cause high impact on confidentiality, integrity and availability of the application.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.