← volver
CVE-2024-45283

Information disclosure vulnerability in SAP NetWeaver AS for Java (Destination Service)

CVSS 6 MEDIUMEPSS 0.2%CWE-256
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
10 sep 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploitation, an attacker can read the sensitive information but cannot modify or delete the data.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Productos afectados
SAP_SE · SAP NetWeaver AS for Java (Destination Service)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://me.sap.com/notes/3477359https://url.sap/sapsecuritypatchday