CVE-2024-28163

CWE-732 — Incorrect Permission Assignment CWE-200 — Information Exposure3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.3%

top 47.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Process Integration (support WEB Pages)SAP Netweaver Process Integration

Timeline

PublishedMar 12

Description

Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5sap_se/sap_netweaver_process_integration_(support_web_pages)7.50

▶NVDsap/netweaver_process_integration7.50

🔴Vulnerability Details

CVEList

Information Disclosure vulnerability in SAP NetWeaver Process Integration (Support Web Pages)↗2024-03-12

▶

GHSA

GHSA-v4f5-j5hc-8mj3: Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7↗2024-03-12

▶