All the vulnerabilites related to SAP_SE - SAP NetWeaver AS for Java (Destination Service)
cve-2024-45283
Vulnerability from cvelistv5
Published
2024-09-10 04:52
Modified
2024-09-10 13:46
Severity ?
EPSS score ?
Summary
SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploitation, an attacker can read the sensitive information but cannot modify or delete the data.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | SAP_SE | SAP NetWeaver AS for Java (Destination Service) |
Version: 7.50 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-45283", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T13:46:01.984548Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-10T13:46:19.680Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "SAP NetWeaver AS for Java (Destination Service)", "vendor": "SAP_SE", "versions": [ { "status": "affected", "version": "7.50" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eSAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploitation, an attacker can read the sensitive information but cannot modify or delete the data.\u003c/p\u003e" } ], "value": "SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploitation, an attacker can read the sensitive information but cannot modify or delete the data." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-256", "description": "CWE-256: Plaintext Storage of a Password", "lang": "eng", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-10T04:52:30.209Z", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "url": "https://me.sap.com/notes/3477359" }, { "url": "https://url.sap/sapsecuritypatchday" } ], "source": { "discovery": "UNKNOWN" }, "title": "Information disclosure vulnerability in SAP NetWeaver AS for Java (Destination Service)", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2024-45283", "datePublished": "2024-09-10T04:52:30.209Z", "dateReserved": "2024-08-26T10:39:20.933Z", "dateUpdated": "2024-09-10T13:46:19.680Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }