CVE-2024-45283

MEDIUM

SAP NetWeaver AS for Java - Info Disclosure

Title source: llm

Description

SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploitation, an attacker can read the sensitive information but cannot modify or delete the data.

References (2)

[Vendor Advisory] https://url.sap/sapsecuritypatchday

[Vendor Advisory] https://me.sap.com/notes/3477359

Scores

CVSS v3 6.0

EPSS 0.0004

EPSS Percentile 10.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-256

Status published

Products (1)

SAP_SE/SAP NetWeaver AS for Java (Destination Service) 7.50

Published Sep 10, 2024

Tracked Since Feb 18, 2026