CVE-2024-47588

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Java (Software Update Manager 1.1)

Description: The issue is related to insufficient protection of registration data. Under certain conditions, when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the logs, leading to a high impact on confidentiality.

Recommendations: For SAP NetWeaver Java (Software Update Manager 1.1), consider restricting access to log files to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit local access to the server and ensure that non-administrative users do not have access to sensitive areas where credentials might be logged. At the moment, there is no information about a newer version that contains a fix for this vulnerability.