CVE-2024-42372

Missing Authorization check in SAP NetWeaver AS Java (System Landscape Directory)

CVSS 6.5 MEDIUMEPSS 0.3%CWE-862

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 6.5EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

12 nov 2024Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on confidentiality and integrity of the application.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Produtos afetados

SAP_SE · SAP NetWeaver AS Java (System Landscape Directory)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://me.sap.com/notes/3335394 https://url.sap/sapsecuritypatchday