CVE-2024-42372: Missing Authorization check in SAP NetWeaver AS Java (System Landscape Directory)
First published: Tue Nov 12 2024(Updated: )
Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on confidentiality and integrity of the application.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver AS for Java |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-42372?
The severity of CVE-2024-42372 is classified as low, impacting confidentiality and integrity.
How do I fix CVE-2024-42372?
To fix CVE-2024-42372, implement proper authorization checks in the SAP NetWeaver AS Java System Landscape Directory.
What type of configurations can be accessed in CVE-2024-42372?
CVE-2024-42372 allows unauthorized users to read and modify restricted global SLD configurations.
Which software is affected by CVE-2024-42372?
CVE-2024-42372 affects SAP NetWeaver AS Java.
What impact does CVE-2024-42372 have on applications?
CVE-2024-42372 can cause low impact on the confidentiality and integrity of the affected application.
- agent/title
- agent/references
- agent/first-publish-date
- agent/type
- agent/description
- agent/weakness
- agent/author
- agent/severity
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap netweaver as for java