DE
DE EN
DE
DE EN
Kontakt
Anmeldung
Themen
Finanzen & Versicherung
Handel
Industrie
IT & Beratung
Tourismus
Transport
Recht
Öffentlich

SAP behebt kritischen SSRF-Fehler in den Adobe Document Services von NetWeaver

0
Teilen:

SAP has issued patches for 16 vulnerabilities, including a critical SSRF flaw in NetWeaver’s Adobe Document Services.

SAP addressed 16 vulnerabilities as part of its December 2024 Security Patch Day. The company released nine new and four updated security notes.

The most severe of these vulnerabilities is a critical issue, tracked as CVE-2024-47578 (CVSS score of 9.1), in the Adobe Document Service component of NetWeaver. An attacker with administrative privileges can exploit the vulnerability to send a crafted request from a vulnerable web application. Successful exploitation can allow attackers to read or modify any file and/or make the entire system unavailable.

The vulnerability impacts versions ADSSSAP 7.50.

“Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability.” reads the advisory. “On successful exploitation, the attacker can read or modify any file and/or make the entire system unavailable.”

The company also addressed other two vulnerabilities, tracked as  CVE-2024-47579 and CVE-2024-47580, as part of the same security notes that was labeled as ‘hot news’.

Bot vulnerabilities are medium-severity issues that could be exploited by an attacker with administrative access to read files on the server.

“These vulnerabilities, tracked as CVE-2024-47578, CVE-2024-47579, and CVE-2024-47580, collectively expose organizations to potential server-side request forgery (SSRF), unauthorized file access, and information disclosure.” reads the analysis published by Onapsis.

SAP also addressed a Cross-Site Scripting (XSS) vulnerability (CVSS score of 8.8), tracked as CVE-2024-47590, in Web Dispatcher.

The company fixed an Information Disclosure vulnerability through Remote Function Call (RFC), tracked as CVE-2024-54198 (CVSS score of 8.5) in SAP NetWeaver Application Server ABAP

The company is not aware of attacks in the wild exploiting one of the issues addressed with the release of December 2024 Security Patch Day.

Quelle

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
10:01 am, Juni 15, 2025
Wetter-Symbol 18°C
L: 18° | H: 19°
aufgelockerte Bewölkung
Luftfeuchtigkeit: 70 %
Druck: 1021 mb
Wind: 10 mph WSW
Windböe: 0 mph
UV-Index: 0
Niederschlag: 0 mm
Wolken: 40%
Regen Chance: 0%
Sichtbarkeit: 10 km
Sonnenaufgang: 4:42 am
Sonnenuntergang: 9:19 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Today 10:00 pm
Wetter-Symbol
18° | 19°°C 0 mm 0% 12 mph 74 % 1025 mb 0 mm/h
Tomorrow 10:00 pm
Wetter-Symbol
14° | 25°°C 0 mm 0% 9 mph 85 % 1028 mb 0 mm/h
Di. Juni 17 10:00 pm
Wetter-Symbol
16° | 26°°C 0 mm 0% 10 mph 83 % 1027 mb 0 mm/h
Mi. Juni 18 10:00 pm
Wetter-Symbol
15° | 27°°C 0 mm 0% 7 mph 76 % 1026 mb 0 mm/h
Do. Juni 19 10:00 pm
Wetter-Symbol
17° | 28°°C 0 mm 0% 10 mph 76 % 1027 mb 0 mm/h
Today 10:00 am
Wetter-Symbol
18° | 19°°C 0 mm 0% 9 mph 70 % 1021 mb 0 mm/h
Today 1:00 pm
Wetter-Symbol
20° | 22°°C 0 mm 0% 9 mph 64 % 1021 mb 0 mm/h
Today 4:00 pm
Wetter-Symbol
22° | 24°°C 0 mm 0% 11 mph 49 % 1022 mb 0 mm/h
Today 7:00 pm
Wetter-Symbol
21° | 21°°C 0 mm 0% 12 mph 54 % 1023 mb 0 mm/h
Today 10:00 pm
Wetter-Symbol
17° | 17°°C 0 mm 0% 8 mph 74 % 1025 mb 0 mm/h
Tomorrow 1:00 am
Wetter-Symbol
15° | 15°°C 0 mm 0% 5 mph 84 % 1027 mb 0 mm/h
Tomorrow 4:00 am
Wetter-Symbol
14° | 14°°C 0 mm 0% 3 mph 85 % 1027 mb 0 mm/h
Tomorrow 7:00 am
Wetter-Symbol
16° | 16°°C 0 mm 0% 3 mph 76 % 1028 mb 0 mm/h
Wetter von OpenWeatherMap
Name Preis24H (%)
Bitcoin(BTC)
€91,116.46
0.13%
Ethereum(ETH)
€2,183.51
-0.54%
Fesseln(USDT)
€0.87
0.00%
XRP(XRP)
€1.86
-1.09%
Solana(SOL)
€125.82
-0.28%
USDC(USDC)
€0.87
0.00%
Dogecoin(DOGE)
€0.151374
-1.20%
Shiba Inu(SHIB)
€0.000010
-1.34%
Pepe(PEPE)
€0.000010
-0.35%
Risikomonitor
Erkennen und überwachen Sie IT-Schwachstellen mit nur einem Klick, bevor es zu spät ist.

Verbindung zum Dienstprogramm

Nützlicher Link

Newsletter

Folgen Sie uns

Facebook Twitter Youtube Linkedin

© 2025 risikomonitor.com gmbh

Nach oben scrollen