CVE-2024-47592: Information Disclosure Vulnerability in SAP NetWeaver Application Server Java (Logon Application)
First published: Tue Nov 12 2024(Updated: )
SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. This has an impact on confidentiality but not on integrity or availability.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Java Application Server |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-47592?
The severity of CVE-2024-47592 is classified as a medium risk due to the potential for unauthorized user enumeration.
How do I fix CVE-2024-47592?
To fix CVE-2024-47592, apply the latest security patches provided by SAP for the NetWeaver AS Java.
Who is affected by CVE-2024-47592?
CVE-2024-47592 affects users of SAP NetWeaver Application Server Java, particularly those with login functionalities.
What is the impact of CVE-2024-47592?
CVE-2024-47592 impacts the confidentiality of user information by allowing attackers to brute force login credentials.
Can CVE-2024-47592 be exploited remotely?
Yes, CVE-2024-47592 can be exploited remotely, as it allows unauthenticated attackers to attempt brute force attacks.
- agent/title
- agent/references
- agent/first-publish-date
- agent/type
- agent/description
- agent/weakness
- agent/author
- agent/severity
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap netweaver java application server