CVE-2024-47588 Information

Description

In SAP NetWeaver Java (Software Update Manager 1.1) under certain conditions when a software upgrade encounters errors credentials are written in plaintext to a log file. An attacker with local access to the server authenticated as a non-administrative user can acquire the credentials from the logs. This leads to a high impact on confidentiality with no impact on integrity or availability.

Reference

https://me.sap.com/notes/3522953 https://url.sap/sapsecuritypatchday https://url.sap/sapsecuritypatchday