CVE-2024-39600

{"id": "CVE-2024-39600", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 0.6}]}, "published": "2024-07-09T05:15:13.147", "references": [{"url": "https://me.sap.com/notes/3461110", "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Under certain conditions, the memory of SAP GUI\nfor Windows contains the password used to log on to an SAP system, which might\nallow an attacker to get hold of the password and impersonate the affected\nuser. As a result, it has a high impact on the confidentiality but there is no\nimpact on the integrity and availability."}, {"lang": "es", "value": "Bajo ciertas condiciones, la memoria de SAP GUI para Windows contiene la contrase\u00f1a utilizada para iniciar sesi\u00f3n en un sistema SAP, lo que podr\u00eda permitir a un atacante obtener la contrase\u00f1a y hacerse pasar por el usuario afectado. Como resultado, tiene un alto impacto en la confidencialidad pero no hay impacto en la integridad y disponibilidad."}], "lastModified": "2024-07-09T18:19:14.047", "sourceIdentifier": "cna@sap.com"}