CVE-2024-47582

Published Dec 10, 2024

Last updated 3 months ago

CVSS medium 5.3

Overview

Description
Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. This causes limited impact on availability of the application.
Source
cna@sap.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.3
Impact score
1.4
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Severity
MEDIUM

Weaknesses

cna@sap.com
CWE-611

Social media

Hype score
Not currently trending

  1. CVE-2024-47582 Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. This causes … https://t.co/hwDG0IdnwF

    @CVEnew

    10 Dec 2024

    123 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References