Brute Force Vulnerability Affects Confidentiality
CVE-2024-47592
5.3MEDIUM
Key Information
- Vendor
- SAP
- Status
- SAP Netweaver Application Server Java (logon Application)
- Vendor
- CVE Published:
- 12 November 2024
Summary
SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. This has an impact on confidentiality but not on integrity or availability.
Affected Version(s)
SAP NetWeaver Application Server Java (Logon Application) = SERVERCORE 7.5
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database