CVE-2024-25642
Improper Certificate Validation in SAP Cloud Connector
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence, the attacker can intercept the request to view/modify sensitive information. There is no impact on the availability of the system.
Debido a una validación incorrecta del certificado en SAP Cloud Connector - versión 2.0, el atacante puede hacerse pasar por los servidores genuinos para interactuar con SCC rompiendo la autenticación mutua. Por lo tanto, el atacante puede interceptar la solicitud para ver/modificar información confidencial. No hay ningún impacto en la disponibilidad del sistema.
SAP Cloud Connector versions 2.15.0 through 2.16.1 were found to happily accept self-signed TLS certificates between SCC and SAP BTP.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2024-02-09 CVE Reserved
- 2024-02-13 CVE Published
- 2024-08-01 CVE Updated
- 2024-10-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-295: Improper Certificate Validation
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2024/May/26 |
|
|
| https://me.sap.com/notes/3424610 | ||
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| SAP SE Search vendor "SAP SE" | SAP Cloud Connector Search vendor "SAP SE" for product "SAP Cloud Connector" | 2.0 Search vendor "SAP SE" for product "SAP Cloud Connector" and version "2.0" | en |
Affected
| ||||||