CVE-2024-47588

In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the logs. This leads to a high impact on confidentiality, with no impact on integrity or availability.

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3522953
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

No history.

Information

Published : 2024-11-12 01:15

Updated : 2024-11-12 13:55

NVD link : CVE-2024-47588

Mitre link : CVE-2024-47588

CVE.ORG link : CVE-2024-47588

JSON object : View

Products Affected

No product.

CWE

CWE-522

Insufficiently Protected Credentials

4.7 /10