PT-2024-4514 · Sap · Sap Netweaver As Java

Published

2024-02-12

·

Updated

2024-10-16

·

CVE-2024-24743

CVSS v3.1

8.6

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS Java version 7.50
Description: The Guided Procedures component of SAP NetWeaver AS for Java does not properly restrict XML external entity references (XXE) when it parses XML input. A remote, unauthenticated attacker can submit a request over the network containing a specially crafted XML file that declares an external entity; when the server-side parser expands it, the attacker can read files and other sensitive data that the application server can access. The flaw allows reading data only, not modifying it, and limits in the component mitigate any impact on availability.
Recommendations: Apply the vendor's security update for CVE-2024-24743. Until it is applied, restrict network access to the Guided Procedures component of version 7.50 to trusted users only and, as a temporary workaround, avoid using the XML file parsing functionality of the affected component to minimize the risk of exploitation.

Fix

Weakness Enumeration

XXE (XML External Entity injection, CWE-611)

Related Identifiers

BDU:2024-05018
CVE-2024-24743

Affected Products

Sap Netweaver As Java