CVE-2024-47582

MEDIUM

XML Input - Info Disclosure

Title source: llm

Description

Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint, which leads to an XML Entity Expansion attack. This causes limited impact on the availability of the application.

Scores

CVSS v3 5.3
EPSS 0.0013
EPSS Percentile 31.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-611
Status published
Products (1)
SAP_SE/SAP NetWeaver AS JAVA LM-CORE 7.50
Published Dec 10, 2024
Tracked Since Feb 18, 2026