CVE-2024-28163 MEDIUM

CVE-2024-28163: Information Disclosure vulnerability in SAP NetWeaver Process Integration (Support Web Pages)

Vendor Sap_Se
Product SAP NetWeaver Process Integration (Support Web Pages)
Weakness CWE-732
Published March 12, 2024
Last update September 28, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.

Key dates

02Disclosure timeline

March 12, 2024 CVE published
September 28, 2024 Record updated