Products
SAP NetWeaver AS for Java
Source
cna@sap.com
Tags
CVE-2024-45283 details
Published : Sept. 10, 2024, 5:15 a.m.
Last Modified : Sept. 10, 2024, 12:09 p.m.
Last Modified : Sept. 10, 2024, 12:09 p.m.
Description
SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploitation, an attacker can read the sensitive information but cannot modify or delete the data.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6.0 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-256 | Plaintext Storage of a Password | Storing a password in plaintext may result in a system compromise. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
Base Score
6.0
Exploitability Score
1.5
Impact Score
4.0
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
References
| URL | Source |
|---|---|
| https://me.sap.com/notes/3477359 | cna@sap.com |
| https://url.sap/sapsecuritypatchday | cna@sap.com |
This website uses the NVD API, but is not approved or certified by it.