CVE-2025-0059Exposure of Sensitive System Information to an Unauthorized Control Sphere in SE SAP Netweaver Application Server Abap

CWE-497Exposure of Sensitive System Information to an Unauthorized Control Sphere3 documents3 sources
Severity
6.0MEDIUMNVD
EPSS
0.0%
top 94.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Netweaver Application Server Abap
Timeline
PublishedJan 14

Description

Applications based on SAP GUI for HTML in SAP NetWeaver Application Server ABAP store user input in the local browser storage to improve usability. An attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:NExploitability: 1.5 | Impact: 4.0

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-vrff-9qrr-6vqr: Applications based on SAP GUI for HTML in SAP NetWeaver Application Server ABAP store user input in the local browser storage to improve usability2025-01-14
CVEList
Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)2025-01-14
CVE-2025-0059 — MEDIUM severity | cvebase