CVE-2024-22127

CRITICAL

SAP NetWeaver Administrator AS Java - Command Injection

Title source: llm

Description

SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in), version 7.50, allows an attacker with high privileges to upload potentially dangerous files, which leads to a command injection vulnerability. This would enable the attacker to run commands that can have a high impact on the confidentiality, integrity and availability of the application.

Exploits (1)

nomisec WORKING POC 1 star
by mylo-2001 · poc
https://github.com/mylo-2001/SAPSlayer

Scores

CVSS v3 9.1
EPSS 0.0249
EPSS Percentile 85.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-77
Status published
Products (1)
sap/netweaver_application_server_java 7.5
Published Mar 12, 2024
Tracked Since Feb 18, 2026