CVE-2024-25644

Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3425682	Permissions Required
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364	Vendor Advisory
https://me.sap.com/notes/3425682	Permissions Required
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:*

History

26 Feb 2025, 15:15

Type	Values Removed	Values Added
References	~~() https://me.sap.com/notes/3425682 -~~	() https://me.sap.com/notes/3425682 - Permissions Required
References	~~() https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364 -~~	() https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364 - Vendor Advisory
First Time		Sap Sap netweaver
CPE		cpe:2.3:a:sap:netweaver:7.50:::::::*
CWE		NVD-CWE-noinfo

21 Nov 2024, 09:01

Type	Values Removed	Values Added
References	~~() https://me.sap.com/notes/3425682 -~~	() https://me.sap.com/notes/3425682 -
References	~~() https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364 -~~	() https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364 -

28 Sep 2024, 23:15

Type	Values Removed	Values Added
Summary		(es) Bajo ciertas condiciones, SAP NetWeaver WSRM - versión 7.50, permite que un atacante acceda a información que de otro modo estaría restringida, lo que causa un bajo impacto en la confidencialidad sin ningún impacto en la integridad y disponibilidad de la aplicación.
Summary	(en) Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.	(en) Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.
CWE	~~CWE-200~~	CWE-732

12 Mar 2024, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-12 01:15

Updated : 2025-02-26 15:15

NVD link : CVE-2024-25644

Mitre link : CVE-2024-25644

CVE.ORG link : CVE-2024-25644

JSON object : View

Products Affected

sap

netweaver

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

NVD-CWE-noinfo

{"id": "CVE-2024-25644", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-03-12T01:15:49.567", "references": [{"url": "https://me.sap.com/notes/3425682", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://me.sap.com/notes/3425682", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-732"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Under certain conditions SAP NetWeaver\u00a0WSRM\u00a0- version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application."}, {"lang": "es", "value": "Bajo ciertas condiciones, SAP NetWeaver WSRM - versi\u00f3n 7.50, permite que un atacante acceda a informaci\u00f3n que de otro modo estar\u00eda restringida, lo que causa un bajo impacto en la confidencialidad sin ning\u00fan impacto en la integridad y disponibilidad de la aplicaci\u00f3n."}], "lastModified": "2025-02-26T15:15:08.143", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2B37045-2FB7-49BB-AE38-B84FAA6ADFB0"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}

5.3 /10