← voltar
CVE-2024-45283

Information disclosure vulnerability in SAP NetWeaver AS for Java (Destination Service)

CVSS 6 MEDIUMEPSS 0.2%CWE-256
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
10 set 2024Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploitation, an attacker can read the sensitive information but cannot modify or delete the data.
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Produtos afetados
SAP_SE · SAP NetWeaver AS for Java (Destination Service)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://me.sap.com/notes/3477359https://url.sap/sapsecuritypatchday