Vulnerabilities > CVE-2024-25642 - Unspecified vulnerability in SAP Cloud Connector 2.0
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE Summary
Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence, the attacker can intercept the request to view/modify sensitive information. There is no impact on the availability of the system.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://seclists.org/fulldisclosure/2024/May/26
- http://seclists.org/fulldisclosure/2024/May/26
- https://me.sap.com/notes/3424610
- https://me.sap.com/notes/3424610
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html