Lucene search

SapVULNRICHMENT:CVE-2024-28163

HistoryMar 12, 2024 - 12:45 a.m.

CVE-2024-28163 Information Disclosure vulnerability in SAP NetWeaver Process Integration (Support Web Pages)

2024-03-1200:45:42

CWE-732

sap

github.com

cve-2024-28163

information disclosure

sap netweaver.

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:sap:netweaver_process_integration:*:*:*:*:*:*:*:*"
    ],
    "vendor": "sap",
    "product": "netweaver_process_integration",
    "versions": [
      {
        "status": "affected",
        "version": "7.50"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

me.sap.com/notes/3434192

support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-28163