| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| The vulnerability of SAP NetWeaver Application Server ABAP and ABAP Platform software integration platforms, related to information leakage in error messages, allows attackers to gain unauthorized access to protected information. | 20 Jan 202500:00 | โ | bdu_fstec | |
| CVE-2025-0053 | 14 Jan 202501:18 | โ | circl | |
| SAP NetWeaver Application Server ๅฎๅ จๆผๆด | 13 Jan 202500:00 | โ | cnnvd | |
| CVE-2025-0053 | 14 Jan 202500:08 | โ | cve | |
| CVE-2025-0053 Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform | 14 Jan 202500:08 | โ | cvelist | |
| EUVD-2025-1483 | 3 Oct 202520:07 | โ | euvd | |
| Vulnerabilities fixed in SAP products | 14 Jan 202511:50 | โ | ncsc | |
| CVE-2025-0053 | 14 Jan 202501:15 | โ | nvd | |
| CVE-2025-0053 | 14 Jan 202501:15 | โ | osv | |
| PT-2025-1184 ยท Sap ยท Sap Netweaver Application Server For Abap/Abap Platform | 14 Jan 202500:00 | โ | ptsecurity |
| Source | Link |
|---|---|
| nessus | www.nessus.org/u |
| me | www.me.sap.com/notes/3536461 |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(214497);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/01/23");
script_cve_id("CVE-2025-0053");
script_xref(name:"IAVA", value:"2025-A-0008");
script_name(english:"SAP NetWeaver AS ABAP (3536461)");
script_set_attribute(attribute:"synopsis", value:
"The remote SAP NetWeaver ABAP server may be affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The remote SAP NetWeaver ABAP server may be affected by an information disclosure vulnerability. The
ABAP Application Server of SAP NetWeaver as well as ABAP Platform allows an attacker to gain
unauthorized access to system information. By using a specific URL parameter, an unauthenticated
attacker could retrieve details such as system configuration. This has a limited impact on the
confidentiality of the application and may be leveraged to facilitate further attacks or exploits.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://support.sap.com/en/my-support/knowledge-base/security-notes-news/january-2025.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?67ffb71c");
script_set_attribute(attribute:"see_also", value:"https://me.sap.com/notes/3536461");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-0053");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/01/14");
script_set_attribute(attribute:"patch_publication_date", value:"2025/01/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/01/22");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:sap:netweaver_application_server");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Web Servers");
script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("sap_netweaver_as_web_detect.nbin");
script_require_keys("installed_sw/SAP Netweaver Application Server (AS)", "Settings/ParanoidReport");
script_require_ports("Services/www", 80, 443, 8000, 50000);
exit(0);
}
include('vcf_extras_sap.inc');
var app_info = vcf::sap_netweaver_as::get_app_info();
if (report_paranoia < 2)
audit(AUDIT_PARANOID);
var fix = 'See vendor advisory';
var constraints = [
{'min_version':'700', 'max_version': '702', 'fixed_display': fix},
{'equal':'731', 'fixed_display': fix},
{'equal':'740', 'fixed_display': fix},
{'min_version':'750', 'max_version': '757', 'fixed_display': fix}
];
vcf::sap_netweaver_as::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_WARNING,
abap:TRUE
);
Data
Build on a solid foundation withย Vulners data
Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data
Api
Power your application withย Vulners API
The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access
App
Assess and manage vulnerabilities withย Vulnersย tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation