CVE-2024-42372 MEDIUM

CVE-2024-42372: Missing Authorization check in SAP NetWeaver AS Java (System Landscape Directory)

Vendor Sap_Se

Product SAP NetWeaver AS Java (System Landscape Directory)

Weakness CWE-862 · Missing authorization

Published November 12, 2024

Last update November 12, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

Description

Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on confidentiality and integrity of the application.

Key dates

Disclosure timeline

November 12, 2024 CVE published

November 12, 2024 Record updated

Identifiers

CVE CVE-2024-42372

CWE CWE-862

CVSS 6.5 / MEDIUM

Affected versions

Vendor Sap_Se

Product SAP NetWeaver AS Java (System Landscape Directory)

Affected LM-SLD 7.5