NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2024-47588

Summary	In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the logs. This leads to a high impact on confidentiality, with no impact on integrity or availability.
Publication Date	Nov. 12, 2024, 10:15 a.m.
Registration Date	Nov. 12, 2024, 4 p.m.
Last Update	Nov. 12, 2024, 10:15 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://me.sap.com/notes/3522953
2	https://url.sap/sapsecuritypatchday

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-522	認証情報の不十分な保護	https://cwe.mitre.org/data/definitions/522.html