SAP Landscape Management Data Disclosure Vulnerability
CVE-2024-39593

5.7MEDIUM

Key Information:

Vendor: SAP
Status: SAP Landscape Management
Vendor: CVE Published:; 9 July 2024

Summary

SAP Landscape Management allows an authenticated user to read confidential data disclosed by the REST Provider Definition response. Successful exploitation can cause high impact on confidentiality of the managed entities.

Affected Version(s)

SAP Landscape Management VCM 3.00

References

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3466801

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2024
Vulnerability Reserved
Jun 26, 2024