CVE-2024-25645Incorrect Permission Assignment in SE SAP Netweaver

CWE-732Incorrect Permission AssignmentCWE-200Sensitive Information Exposure3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
0.3%
top 47.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP NetweaverSAP Netweaver Enterprise Portal
Timeline
PublishedMar 12

Description

Under certain condition SAP NetWeaver (Enterprise Portal) - version 7.50 allows an attacker to access information which would otherwise be restricted causing low impact on confidentiality of the application and with no impact on Integrity and Availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5sap_se/sap_netweaver7.50

🔴Vulnerability Details

2
GHSA
GHSA-5h2w-j5gq-rvfq: Under certain condition SAP NetWeaver (Enterprise Portal) - version 72024-03-12
CVEList
Information Disclosure vulnerability in SAP NetWeaver (Enterprise Portal)2024-03-12
CVE-2024-25645 — Incorrect Permission Assignment | cvebase