CVE-2024-47592 MEDIUM

CVE-2024-47592: Information Disclosure Vulnerability in SAP NetWeaver Application Server Java (Logon Application)

Vendor Sap_Se

Product SAP NetWeaver Application Server Java (Logon Application)

Weakness CWE-307 · Brute force

Published November 12, 2024

Last update November 12, 2024

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

Description

SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. This has an impact on confidentiality but not on integrity or availability.

Key dates

Disclosure timeline

November 12, 2024 CVE published

November 12, 2024 Record updated

Identifiers

CVE CVE-2024-47592

CWE CWE-307

CVSS 5.3 / MEDIUM

Affected versions

Vendor Sap_Se

Product SAP NetWeaver Application Server Java (Logon Application)

Affected SERVERCORE 7.5