Unauthorized Access to Restricted SLD Configurations
CVE-2024-42372
6.5MEDIUM
Key Information
- Vendor
- SAP
- Status
- SAP Netweaver As Java (system Landscape Directory)
- Vendor
- CVE Published:
- 12 November 2024
Summary
Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on confidentiality and integrity of the application.
Affected Version(s)
SAP NetWeaver AS Java (System Landscape Directory) = LM-SLD 7.5
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database