ID

VAR-202403-2490


CVE

CVE-2024-28163


TITLE

Vulnerability in improper permission assignment for critical resources in SAP NetWeaver Process Integration from SAP

Trust: 0.8

sources: JVNDB: JVNDB-2024-018593

DESCRIPTION

Under certain conditions, the Support Web Pages of SAP NetWeaver Process Integration (PI), version 7.50, allow an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application. SAP NetWeaver Process Integration from SAP contains a vulnerability in improper permission assignment for critical resources. Information may be obtained.

Trust: 1.62

sources: NVD: CVE-2024-28163 // JVNDB: JVNDB-2024-018593

AFFECTED PRODUCTS

vendor: sap, model: netweaver process integration, scope: eq, version: 7.50

Trust: 1.8

vendor: sap, model: netweaver process integration, scope: eq, version: -

Trust: 0.8

vendor: sap, model: netweaver process integration, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-018593 // NVD: CVE-2024-28163

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@sap.com: CVE-2024-28163
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2024-28163
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-28163
value: MEDIUM

Trust: 0.8

cna@sap.com: CVE-2024-28163
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: CVE-2024-28163
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-018593 // NVD: CVE-2024-28163 // NVD: CVE-2024-28163

PROBLEMTYPE DATA

problemtype: CWE-732

Trust: 1.0

problemtype: Improper permission assignment for critical resources (CWE-732) [NVD evaluation]

Trust: 0.8

problemtype: Improper permission assignment for critical resources (CWE-732) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2024-018593 // NVD: CVE-2024-28163

EXTERNAL IDS

db: NVD, id: CVE-2024-28163

Trust: 2.6

db: JVNDB, id: JVNDB-2024-018593

Trust: 0.8

sources: JVNDB: JVNDB-2024-018593 // NVD: CVE-2024-28163

REFERENCES

url: https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorid=section_370125364

Trust: 1.8

url: https://me.sap.com/notes/3434192

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2024-28163

Trust: 0.8

sources: JVNDB: JVNDB-2024-018593 // NVD: CVE-2024-28163

SOURCES

db: JVNDB, id: JVNDB-2024-018593
db: NVD, id: CVE-2024-28163

LAST UPDATE DATE

2025-02-14T23:00:33.832000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2024-018593, date: 2025-02-12T00:47:00
db: NVD, id: CVE-2024-28163, date: 2025-02-07T17:24:35.943

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2024-018593, date: 2025-02-12T00:00:00
db: NVD, id: CVE-2024-28163, date: 2024-03-12T01:15:50.390