CVE-2024-39593

Published: Jul 9, 2024Modified: Nov 21, 2024

5.7

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.1 / Impact: 3.6

Source: NVD

Description

SAP Landscape Management allows an authenticated user to read confidential data disclosed by the REST Provider Definition response. Successful exploitation can cause high impact on confidentiality of the managed entities.

Affected (1)

Products: Sap: Landscape Management

Sap

1 product

Landscape Management

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Landscape Management	Version 3.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://me.sap.com/notes/3466801

Source: cna@sap.com

Permissions Required

https://url.sap/sapsecuritypatchday

Source: cna@sap.com

Vendor Advisory

https://me.sap.com/notes/3466801

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://url.sap/sapsecuritypatchday

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.