CVE-2024-42372

Published Nov 12, 2024

Last updated 3 months ago

CVSS medium 6.5

Overview

Description: Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on confidentiality and integrity of the application.
Source: cna@sap.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.5
Impact score: 2.5
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

cna@sap.com: CWE-862

Hype score: Not currently trending

There is a new vulnerability with elevated criticality in SAP NetWeaver AS Java (CVE-2024-42372) https://t.co/BdkFgvqYWX
@vuldb
12 Nov 2024
85 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References