CVE-2024-25644 — Incorrect Permission Assignment in SE Netweaver

CWE-732 — Incorrect Permission Assignment CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.4%

top 40.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE Netweaver SAP Netweaver

Timeline

PublishedMar 12

Description

Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDsap/netweaver7.50

▶CVEListV5sap_se/netweaver7.50

🔴Vulnerability Details

GHSA

GHSA-g4w5-hhgx-9rgp: Under certain conditions SAP NetWeaver WSRM - version 7↗2024-03-12

▶

CVEList

Information Disclosure vulnerability in NetWeaver (WSRM)↗2024-03-12

▶