CVE-2024-45283: Plaintext Storage of a Password in SE SAP NetWeaver AS for Java

Severity
6.0 MEDIUM (NVD)
EPSS
0.0%
top 89.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Sep 10

Description

SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploitation, an attacker can read the sensitive information but cannot modify or delete the data.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Exploitability: 1.5 | Impact: 4.0

Affected Packages: 1 package

Vulnerability Details

2
GHSA
GHSA-36j4-jjhr-3m5r: SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information (2024-09-10)
CVEList
Information disclosure vulnerability in SAP NetWeaver AS for Java (Destination Service) (2024-09-10)