CVE-2024-25644

Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3425682
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364

Configurations

No configuration.

History

28 Sep 2024, 23:15

Type	Values Removed	Values Added
CWE	~~CWE-200~~	CWE-732
Summary		(es) Bajo ciertas condiciones, SAP NetWeaver WSRM - versión 7.50, permite que un atacante acceda a información que de otro modo estaría restringida, lo que causa un bajo impacto en la confidencialidad sin ningún impacto en la integridad y disponibilidad de la aplicación.
Summary	(en) Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.	(en) Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.

12 Mar 2024, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-12 01:15

Updated : 2024-09-28 23:15

NVD link : CVE-2024-25644

Mitre link : CVE-2024-25644

CVE.ORG link : CVE-2024-25644

JSON object : View

Products Affected

No product.

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

5.3 /10