CVE-2024-25645

Under certain conditionSAPNetWeaver (Enterprise Portal) - version 7.50allows an attacker to access information which would otherwise be restricted causing low impact on confidentiality of the application and with no impact on Integrity and Availability of the application.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
sapCNA
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
VendorProductVersion
sapnetweaver_enterprise_portal
7.50
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://me.sap.com/notes/3428847
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364
https://me.sap.com/notes/3428847
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364