← volver
CVE-2024-47592

Information Disclosure Vulnerability in SAP NetWeaver Application Server Java (Logon Application)

CVSS 5.3 MEDIUMEPSS 0.3%CWE-307
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
12 nov 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. This has an impact on confidentiality but not on integrity or availability.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Productos afectados
SAP_SE · SAP NetWeaver Application Server Java (Logon Application)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://me.sap.com/notes/3393899https://url.sap/sapsecuritypatchday