- Description
- Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. This causes limited impact on availability of the application.
- Source
- cna@sap.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
- Severity
- MEDIUM
- cna@sap.com
- CWE-611
- Hype score
- Not currently trending
SAP Netweaver refuse to pay for my RCE's and accepted as Informational, But today by look I found my vulnerabilitys published as CVE with critical impact. https://t.co/vsPwHRg3jT (CVE-2024-47578) (CVE-2024-47580) (CVE-2024-47582) https://t.co/cDMacONQV0
@Djaballah_Med_T
14 Apr 2025
39 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-47582 Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. This causes … https://t.co/hwDG0IdnwF
@CVEnew
10 Dec 2024
123 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes