March 11, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Lumma Stealer Malware aka LummaC – Active IOCs
January 13, 2025
SOC Compliance and Auditing: Ensuring Regulatory Adherence
January 13, 2025Lumma Stealer Malware aka LummaC – Active IOCs
January 13, 2025SOC Compliance and Auditing: Ensuring Regulatory Adherence
January 13, 2025
Severity
Medium
Analysis Summary
CVE-2024-47582 CVSS:5.3
SAP NetWeaver AS JAVA is vulnerable to a denial of service, caused by missing validation of XML input. By sending a specially crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-47581 CVSS:4.3
SAP HCM could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper authorization validation. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
Impact
- Denial of Service
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2024-47582
CVE-2024-47581
Affected Vendors
SAP
Affected Products
- SAP NetWeaver AS JAVA - LM-CORE 7.50
- SAP HCM - S4HCMGXX 101
Remediation
Current SAP customers should refer to SAP note for patch information, available from the SAP Website (login required).