SAP Saves the Day: Patch Party Crushes Critical NetWeaver Vulnerability!
SAP patched a critical SSRF flaw in NetWeaver’s Adobe Document Services. The flaw, CVE-2024-47578, could let attackers read or modify files or crash systems. This update is part of SAP’s December 2024 Security Patch Day, addressing 16 vulnerabilities in total. Who knew documents could be so dangerously crafty?
Hot Take:
Looks like SAP’s NetWeaver is living up to its name by weaving a whole new web of vulnerabilities! This time, it’s the Adobe Document Services on the hot seat, and it’s not because of its stellar document formatting. It’s because hackers could use it to format your entire system into a non-functional piece of art! But fear not, SAP has swooped in with patches faster than you can say “SSRF!”
Key Points:
- SAP patched 16 vulnerabilities, including a critical SSRF flaw in NetWeaver’s Adobe Document Services.
- The most severe flaw, CVE-2024-47578, scored a 9.1 on the CVSS and could allow attackers to control the system.
- Other vulnerabilities include medium-severity issues CVE-2024-47579 and CVE-2024-47580.
- SAP also addressed a high-severity XSS vulnerability (CVE-2024-47590) in Web Dispatcher.
- No known exploits in the wild for these vulnerabilities as of the latest patch release.
Already a member? Log in here