CVE-2024-45283: Information disclosure vulnerability in SAP NetWeaver AS for Java (Destination Service)
First published: Tue Sep 10 2024(Updated: )
SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploitation, an attacker can read the sensitive information but cannot modify or delete the data.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Application Server Java |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-45283?
CVE-2024-45283 is classified as a medium severity vulnerability as it allows unauthorized access to sensitive information.
How do I fix CVE-2024-45283?
To mitigate CVE-2024-45283, update to the latest version of SAP NetWeaver AS for Java as recommended by SAP's security advisory.
What information can be compromised in CVE-2024-45283?
CVE-2024-45283 can lead to the compromise of usernames and passwords when creating an RFC destination.
Who is affected by CVE-2024-45283?
The vulnerability affects users of SAP NetWeaver AS for Java, particularly those with improper configurations.
Can CVE-2024-45283 be exploited without authorization?
No, CVE-2024-45283 requires an attacker to have authorized access to exploit the vulnerability.
- agent/references
- agent/title
- agent/type
- agent/first-publish-date
- agent/description
- agent/severity
- agent/weakness
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap netweaver application server java