Lucene search

[email protected]CVE-2024-25645

HistoryMar 12, 2024 - 1:15 a.m.

CVE-2024-25645

2024-03-1201:15:49

CWE-200

[email protected]

web.nvd.nist.gov

cve

2024

25645

sap

netweaver

enterprise portal

version 7.50

information disclosure

low impact

confidentiality

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Under certain condition SAP NetWeaver (Enterprise Portal) - version 7.50 allows an attacker to access information which would otherwise be restricted causing low impact on confidentiality of the application and with no impact on Integrity and Availability of the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver (Enterprise Portal)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "7.50"
      }
    ]
  }
]

References

me.sap.com/notes/3428847

support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-25645

cvelist1 prion1 nvd1