all InfoSec news
SAP Fixes Three High-Severity Flaws
Malware Analysis, News and Indicators - Latest topics malware.news
SAP has released security updates for three high-severity vulnerabilities in different products, including what it describes as a security misconfiguration flaw in SAP NetWeaver, which serves as the technical foundation for many SAP apps.
The issue (CVE-2024-27899) stems from password requirements not being checked in some features of SAP’s NetWeaver Application Server Java User Management Engine. Specifically, the “self-registration” and “modify your own profile" features don’t check that the existing password requirements are being met, which could potentially allow users …
application apps cve cve-2024 features fixes flaw flaws foundation high issue java management misconfiguration netweaver password products requirements sap security security misconfiguration security updates server severity technical updates user management vulnerabilities