CVE-2024-25645 MEDIUM

CVE-2024-25645: Information Disclosure vulnerability in SAP NetWeaver (Enterprise Portal)

Vendor Sap_Se
Product SAP NetWeaver (Enterprise Portal)
Weakness CWE-732
Published March 12, 2024
Last update September 28, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Under certain condition SAP NetWeaver (Enterprise Portal) - version 7.50 allows an attacker to access information which would otherwise be restricted causing low impact on confidentiality of the application and with no impact on Integrity and Availability of the application.

Key dates

02Disclosure timeline

March 12, 2024 CVE published
September 28, 2024 Record updated