CVE-2024-47582
📋 TL;DR
This CVE describes an XML entity expansion (XXE) vulnerability in SAP software in which an unauthenticated attacker can send malicious XML input to a vulnerable endpoint. Expanding the crafted entities exhausts resources and causes a denial of service, affecting the availability of the application. All systems running vulnerable SAP products are affected.
💻 Affected Systems
- SAP products (specific products not detailed in provided references)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete application denial of service through resource exhaustion, potentially affecting multiple services or systems.
Likely Case
Temporary service degradation or unavailability of specific endpoints until the attack stops.
If Mitigated
Minimal impact with proper XML input validation and entity expansion limits in place.
🎯 Exploit Status
Attack requires sending specially crafted XML to vulnerable endpoints. No authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: See SAP Note 3351041 for specific patch versions
Vendor Advisory: https://me.sap.com/notes/3351041
Restart Required: Yes
Instructions:
1. Review SAP Note 3351041 for affected products.
2. Apply the security patch from SAP.
3. Restart affected services.
4. Verify the fix is applied.
🔧 Temporary Workarounds
Disable XML external entities (applies to: all affected products)
- Configure XML parsers to disable external entity processing
- Configuration depends on the specific SAP product and XML parser
Implement XML input validation (applies to: all affected products)
- Add strict validation of XML input before processing
- Implement XML schema validation or input filtering
🧯 If You Can't Patch
- Implement network segmentation to restrict access to vulnerable endpoints
- Deploy web application firewall with XXE protection rules
🔍 How to Verify
Check if Vulnerable:
Check if your SAP product version is listed in SAP Note 3351041 as vulnerable
Check Version:
Use SAP transaction SM51, or the product-specific version command, to determine the installed version
Verify Fix Applied:
Verify patch installation and test XML endpoints with safe payloads
📡 Detection & Monitoring
Log Indicators:
- Unusually large XML payloads
- Multiple XML parsing errors
- High resource consumption on XML processing endpoints
Network Indicators:
- Large XML payloads sent to SAP endpoints
- Repeated XML requests to same endpoint
SIEM Query:
source="sap_logs" AND (message="XML parsing error" OR message="entity expansion")
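The two workarounds above (refuse DTDs / external entities and validate XML before processing) and the detection indicators (oversized payloads, entity expansion) can be illustrated together. The following Python is an added example, not code from the page or from SAP: it shows a pre-parse triage function that produces the indicators a WAF rule or SIEM enrichment could log, and an expat-based parser that refuses any DOCTYPE so neither external entities nor recursive internal entities are ever expanded. The size limit, the sample documents and the function names are assumptions for the example; the three-level entity document is a deliberately tiny constructed sample used only to show that the hardened parser rejects it before expansion.

```python
"""Defensive XML handling against entity-expansion denial of service (added example).

  * triage_xml_payload(): cheap pre-parse indicators for a request body
    (size, DOCTYPE present, number of entity declarations).
  * parse_without_dtd(): expat parser that aborts on any DOCTYPE, so no
    entity (internal or external) is ever expanded from untrusted input.
"""
import re
import xml.parsers.expat

MAX_PAYLOAD_BYTES = 1_000_000  # assumption: an upper bound suitable for the endpoint

_DOCTYPE = re.compile(rb"<!DOCTYPE\b")
_ENTITY_DECL = re.compile(rb"<!ENTITY\b")


class ForbiddenDTD(ValueError):
    """Raised when a document carries a DOCTYPE and could therefore declare entities."""


def triage_xml_payload(payload: bytes) -> dict:
    """Return indicators for a request body before it reaches the XML parser."""
    has_doctype = _DOCTYPE.search(payload) is not None
    entity_decls = len(_ENTITY_DECL.findall(payload))
    oversized = len(payload) > MAX_PAYLOAD_BYTES
    return {
        "bytes": len(payload),
        "has_doctype": has_doctype,
        "entity_declarations": entity_decls,
        "oversized": oversized,
        # A DTD or entity declaration from an untrusted client is itself suspicious
        "suspicious": has_doctype or entity_decls > 0 or oversized,
    }


def parse_without_dtd(payload: bytes) -> list:
    """Parse XML and return the element names in document order, refusing any DOCTYPE.

    Expat expands internal entities while parsing, so a recursive-entity
    document has to be refused before expansion starts. Raising from the
    StartDoctypeDecl handler aborts the parse at the DOCTYPE token.
    """
    if len(payload) > MAX_PAYLOAD_BYTES:
        raise ValueError("payload exceeds size limit")

    parser = xml.parsers.expat.ParserCreate()
    elements = []

    def forbid_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenDTD(f"DOCTYPE {name!r} not allowed in untrusted input")

    def forbid_external_entity(context, base, system_id, public_id):
        # Returning a false value makes expat fail the parse; the reference is never fetched.
        return 0

    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.ExternalEntityRefHandler = forbid_external_entity
    parser.StartElementHandler = lambda name, attrs: elements.append(name)
    parser.Parse(payload, True)
    return elements


def accepts(payload: bytes) -> bool:
    """True if the hardened parser accepts the document, False if it refuses it."""
    try:
        parse_without_dtd(payload)
        return True
    except (ValueError, xml.parsers.expat.ExpatError):  # ForbiddenDTD is a ValueError
        return False


# Constructed sample inputs (not from the page or any real SAP traffic)
BENIGN = b"<?xml version='1.0'?><order><item sku='A1'/><item sku='B2'/></order>"
RECURSIVE_ENTITIES = (
    b"<?xml version='1.0'?>"
    b"<!DOCTYPE d [<!ENTITY a 'aaaa'><!ENTITY b '&a;&a;&a;&a;'>"
    b"<!ENTITY c '&b;&b;&b;&b;'>]>"
    b"<d>&c;</d>"
)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("recursive entities", RECURSIVE_ENTITIES)):
        print(label, triage_xml_payload(doc), "accepted" if accepts(doc) else "rejected")
```

Run the file directly to see the triage indicators and accept/reject decision for both samples. Rejecting every DOCTYPE is the simplest robust setting for an endpoint that receives XML from unauthenticated clients; if a product genuinely needs a DTD, the alternative is a parser that caps entity expansion depth and total expanded size, which is the "entity expansion limits" mitigation the page refers to.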