Plaintext Storage of a Password

CVE-2024-45283

Medium

6/10

Summary

SAP NetWeaver AS for Java allows an authorized attacker to obtain sensitive information. The attacker could obtain the username and password when creating an RFC destination. After successful exploitation, an attacker can read the sensitive information but cannot modify or delete the data.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: CHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-256 - Plaintext Storage of a Password

Storing a password in plaintext may result in a system compromise.

References

Advisory Timeline

Published Sep 10, 2024

Plaintext Storage of a Password

CVE-2024-45283

Summary

CWE-256 - Plaintext Storage of a Password

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS