CVE-2024-22124Exposure of Sensitive System Information to an Unauthorized Control Sphere in SE SAP Netweaver

CWE-497Exposure of Sensitive System Information to an Unauthorized Control Sphere3 documents3 sources
Severity
7.5HIGHNVD
CNA4.1
EPSS
0.1%
top 84.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP NetweaverSAP Netweaver
Timeline
PublishedJan 9

Description

Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22_EXT, WEBDISP 7.22_EXT, WEBDISP 7.53, WEBDISP 7.54, could allow an attacker to access information which would otherwise be restricted causing high impact on confidentiality.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDsap/netweaver10 versions+9
CVEListV5sap_se/sap_netweaver11 versions+10

🔴Vulnerability Details

2
CVEList
Information Disclosure vulnerability in SAP NetWeaver Internet Communication Manager2024-01-09
GHSA
GHSA-57gj-f9mq-4c5v: Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERNEL 72024-01-09
CVE-2024-22124 — SAP SE SAP Netweaver vulnerability | cvebase