← back
CVE-2024-45283

Information disclosure vulnerability in SAP NetWeaver AS for Java (Destination Service)

CVSS 6 MEDIUMEPSS 0.2%CWE-256
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
10 Sep 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploitation, an attacker can read the sensitive information but cannot modify or delete the data.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Affected products
SAP_SE · SAP NetWeaver AS for Java (Destination Service)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://me.sap.com/notes/3477359https://url.sap/sapsecuritypatchday