Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Certificate Validation in SAP Cloud Connector
Vulnerability Description
Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence, the attacker can intercept the request to view/modify sensitive information. There is no impact on the availability of the system.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
证书验证不恰当
Vulnerability Title
SAP Cloud Connector 信任管理问题漏洞
Vulnerability Description
SAP Cloud Connector是德国思爱普(SAP)公司的一个工具,用于建立本地系统与 SAP Cloud Platform 之间的安全连接。 SAP Cloud Connector 2.0版本存在信任管理问题漏洞,该漏洞源于证书验证不正确,攻击者利用该漏洞可以冒充真正的服务器与 SCC 交互,从而破坏相互身份验证,可以拦截查看/修改敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A