CVE-2025-23193Observable Response Discrepancy in SE SAP Netweaver Server Abap

CWE-204Observable Response Discrepancy3 documents3 sources
Severity
7.5HIGHNVD
CNA5.3
EPSS
0.1%
top 66.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Netweaver Server AbapSAP Basis
Timeline
PublishedFeb 11

Description

SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that causes the server to respond differently based on the existence of a specified user, potentially revealing sensitive information. This issue does not enable data modification and has no impact on server availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5sap_se/sap_netweaver_server_abap14 versions+13
NVDsap/sap_basis14 versions+13

Patches

Patch: url.sap

🔴Vulnerability Details

2
CVEList
Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP2025-02-11
GHSA
GHSA-62m9-v7g3-w362: SAP NetWeaver Server ABAP allows an unauthenticated attacker to exploit a vulnerability that causes the server to respond differently based on the exi2025-02-11
CVE-2025-23193 — Observable Response Discrepancy | cvebase