Lucene search

SapCVELIST:CVE-2024-28164

HistoryJun 11, 2024 - 2:18 a.m.

CVE-2024-28164 Information Disclosure vulnerability in SAP NetWeaver AS Java (Guided Procedures)

2024-06-1102:18:48

CWE-200

sap

www.cve.org

cve-2024-28164

sap netweaver

information disclosure

guided procedures

unauthenticated user

low impact

confidentiality

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

SAP NetWeaver AS Java (CAF - Guided Procedures)
allows an unauthenticated user to access non-sensitive information about the
server which would otherwise be restricted causing low impact on
confidentiality of the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP NetWeaver AS Java",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "GP-CORE 7.5"
      }
    ]
  }
]

References

me.sap.com/notes/3425571

support.sap.com/en/my-support/knowledge-base/security-notes-news.html

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-28164