Unauthorized Access to Restricted SLD Configurations
CVE-2024-42372

6.5MEDIUM

Key Information:

Vendor
SAP
Status
SAP Netweaver As Java (system Landscape Directory)
Vendor
CVE Published:
12 November 2024

Summary

Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on confidentiality and integrity of the application.

Affected Version(s)

SAP NetWeaver AS Java (System Landscape Directory) LM-SLD 7.5

References

https://me.sap.com/notes/3335394
https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.