CVE-2024-25644 - Vulnerability Details - OpenCVE

Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Sap	Netweaver

Configuration 1 [-]

cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://me.sap.com/notes/3425682
https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364

History

Wed, 26 Feb 2025 18:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:sap:netweaver:7.50:::::::*

Sat, 28 Sep 2024 23:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-200

Sat, 28 Sep 2024 23:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Sap Sap netweaver
CPEs		cpe:2.3:a:sap:netweaver:7.5:::::::*
Vendors & Products		Sap Sap netweaver
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sat, 28 Sep 2024 22:45:00 +0000

Type	Values Removed	Values Added
Description	Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.	Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.
Weaknesses		CWE-732

MITRE

Status: PUBLISHED

Assigner: sap

Published: 2024-03-12T00:33:44.473Z

Updated: 2024-09-28T22:24:11.195Z

Reserved: 2024-02-09T04:10:20.036Z

Link: CVE-2024-25644

Vulnrichment

Updated: 2024-08-01T23:44:09.806Z

NVD

Status : Analyzed

Published: 2024-03-12T01:15:49.567

Modified: 2025-04-10T19:40:55.793

Link: CVE-2024-25644

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-25644", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2024-02-09T04:10:20.036Z", "datePublished": "2024-03-12T00:33:44.473Z", "dateUpdated": "2024-09-28T22:24:11.195Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "NetWeaver (WSRM)", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "7.50"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Under certain conditions SAP NetWeaver\u00a0WSRM\u00a0- version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.</p>"}], "value": "Under certain conditions SAP NetWeaver\u00a0WSRM\u00a0- version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-09-28T22:24:11.195Z"}, "references": [{"url": "https://me.sap.com/notes/3425682"}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364"}], "source": {"discovery": "UNKNOWN"}, "title": "Information Disclosure vulnerability in NetWeaver (WSRM)", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:44:09.806Z"}, "title": "CVE Program Container", "references": [{"url": "https://me.sap.com/notes/3425682", "tags": ["x_transferred"]}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "sap", "product": "netweaver", "cpes": ["cpe:2.3:a:sap:netweaver:7.5:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "7.5", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-05T17:39:57.790456Z", "id": "CVE-2024-25644", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-05T17:43:45.543Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://me.sap.com/notes/3425682", "tags": ["x_transferred"]}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:44:09.806Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-25644", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-05T17:39:57.790456Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:sap:netweaver:7.5:*:*:*:*:*:*:*"], "vendor": "sap", "product": "netweaver", "versions": [{"status": "affected", "version": "7.5"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-05T17:43:22.143Z"}}], "cna": {"title": "Information Disclosure vulnerability in NetWeaver (WSRM)", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "NetWeaver (WSRM)", "versions": [{"status": "affected", "version": "7.50"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3425682"}, {"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Under certain conditions SAP NetWeaver\u00a0WSRM\u00a0- version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.", "supportingMedia": [{"type": "text/html", "value": "<p>Under certain conditions SAP NetWeaver\u00a0WSRM\u00a0- version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-09-28T22:24:11.195Z"}}}, "cveMetadata": {"cveId": "CVE-2024-25644", "state": "PUBLISHED", "dateUpdated": "2024-09-28T22:24:11.195Z", "dateReserved": "2024-02-09T04:10:20.036Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2024-03-12T00:33:44.473Z", "assignerShortName": "sap"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:*", "matchCriteriaId": "F2B37045-2FB7-49BB-AE38-B84FAA6ADFB0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Under certain conditions SAP NetWeaver\u00a0WSRM\u00a0- version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application."}, {"lang": "es", "value": "Bajo ciertas condiciones, SAP NetWeaver WSRM - versi\u00f3n 7.50, permite que un atacante acceda a informaci\u00f3n que de otro modo estar\u00eda restringida, lo que causa un bajo impacto en la confidencialidad sin ning\u00fan impacto en la integridad y disponibilidad de la aplicaci\u00f3n."}], "id": "CVE-2024-25644", "lastModified": "2025-04-10T19:40:55.793", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@sap.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-12T01:15:49.567", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3425682"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3425682"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "cna@sap.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Secondary"}]}