CVE-2024-45283 MEDIUM

CVE-2024-45283: Information disclosure vulnerability in SAP NetWeaver AS for Java (Destination Service)

Vendor Sap_Se

Product SAP NetWeaver AS for Java (Destination Service)

Weakness CWE-256

Published September 10, 2024

Last update September 10, 2024

View on NVD All CVEs

CVSS base score

6.0/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

Description

SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploitation, an attacker can read the sensitive information but cannot modify or delete the data.

Key dates

Disclosure timeline

September 10, 2024 CVE published

September 10, 2024 Record updated

Identifiers

CVE CVE-2024-45283

CWE CWE-256

CVSS 6.0 / MEDIUM

Affected versions

Vendor Sap_Se

Product SAP NetWeaver AS for Java (Destination Service)

Affected 7.50