Details of VAR-202403-1392

ID

VAR-202403-1392

CVE

CVE-2024-25644

TITLE

SAP of SAP NetWeaver Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-019413

DESCRIPTION

Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application. SAP of SAP NetWeaver Exists in unspecified vulnerabilities.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2024-25644 // JVNDB: JVNDB-2024-019413

AFFECTED PRODUCTS

vendor:	sap	model:	netweaver	scope:	eq	version:	7.50	Trust: 1.8
vendor:	sap	model:	netweaver	scope:	eq	version:	-	Trust: 0.8
vendor:	sap	model:	netweaver	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-019413 // NVD: CVE-2024-25644

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@sap.com:	CVE-2024-25644
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2024-25644
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2024-019413
value:	MEDIUM
Trust: 0.8

cna@sap.com:	CVE-2024-25644
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2024-019413
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-019413 // NVD: CVE-2024-25644 // NVD: CVE-2024-25644

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-732	Trust: 1.0
problemtype:	Improper permission assignment for critical resources (CWE-732) [ others ]	Trust: 0.8
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-019413 // NVD: CVE-2024-25644

EXTERNAL IDS

db:	NVD	id:	CVE-2024-25644	Trust: 2.6
db:	JVNDB	id:	JVNDB-2024-019413	Trust: 0.8

sources: JVNDB: JVNDB-2024-019413 // NVD: CVE-2024-25644

REFERENCES

url:	https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorid=section_370125364	Trust: 1.8
url:	https://me.sap.com/notes/3425682	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2024-25644	Trust: 0.8

sources: JVNDB: JVNDB-2024-019413 // NVD: CVE-2024-25644

SOURCES

db:	JVNDB	id:	JVNDB-2024-019413
db:	NVD	id:	CVE-2024-25644

LAST UPDATE DATE

2025-04-11T23:12:34.284000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-019413	date:	2025-02-27T04:59:00
db:	NVD	id:	CVE-2024-25644	date:	2025-04-10T19:40:55.793

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-019413	date:	2025-02-27T00:00:00
db:	NVD	id:	CVE-2024-25644	date:	2024-03-12T01:15:49.567