CVE-2024-47592

EPSS 0.13%
Published 12.11.2024 01:15:05
Last modified 12.11.2024 13:55:21
Source cna@sap.com
Teams watchlist Login
Open Login

SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. This has an impact on confidentiality but not on integrity or availability.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Vendorsap

≫

Product netweaver_application_server_java

Default Statusunknown

Version 7.5

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.13%	0.333

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
cna@sap.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3393899

https://nvd.nist.gov/vuln/detail/CVE-2024-47592

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47592

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47592

EUVD