PT-2024-2864 · SAP · SAP NetWeaver AS Java

Published: 2024-04-08 · Updated: 2024-04-09 · CVE-2024-27899

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:P/A:P

Name of the Vulnerable Software and Affected Versions

SAP NetWeaver AS Java (affected versions not specified)

Description

The issue is related to the User Admin Application in SAP NetWeaver AS Java, where the self-registration and profile modification functions do not enforce proper security requirements for the content of newly defined security answers. This can be exploited by an attacker to cause significant impact on confidentiality and low impact on both integrity and availability. The vulnerability is also associated with inadequate exception handling, which can be leveraged by a remote attacker to affect the confidentiality, integrity, and availability of protected information.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2024-03020
CVE-2024-27899

Affected Products

SAP NetWeaver AS Java