Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) by SAP_SE

    CVE-2025-0066 (GCVE-0-2025-0066)

    Vulnerability from nvd – Published: 2025-01-14 00:09 – Updated: 2025-01-14 14:50
    VLAI
    Title
    Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)
    Summary
    Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) Affected: SAP_BASIS 700
    Affected: SAP_BASIS 701
    Affected: SAP_BASIS 702
    Affected: SAP_BASIS 731
    Affected: SAP_BASIS 740
    Affected: SAP_BASIS 750
    Affected: SAP_BASIS 751
    Affected: SAP_BASIS 752
    Affected: SAP_BASIS 753
    Affected: SAP_BASIS 754
    Affected: SAP_BASIS 755
    Affected: SAP_BASIS 756
    Affected: SAP_BASIS 757
    Affected: SAP_BASIS 758
    Affected: SAP_BASIS 912
    Affected: SAP_BASIS 913
    Affected: SAP_BASIS 914
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0066",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T14:50:09.959227Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T14:50:46.306Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BASIS 700"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 701"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 758"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 912"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 913"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 914"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUnder certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application\u003c/p\u003e"
                }
              ],
              "value": "Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-14T00:09:36.035Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3550708"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2025-0066",
        "datePublished": "2025-01-14T00:09:36.035Z",
        "dateReserved": "2024-12-11T05:05:07.367Z",
        "dateUpdated": "2025-01-14T14:50:46.306Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-0066 (GCVE-0-2025-0066)

    Vulnerability from cvelistv5 – Published: 2025-01-14 00:09 – Updated: 2025-01-14 14:50
    VLAI
    Title
    Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)
    Summary
    Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) Affected: SAP_BASIS 700
    Affected: SAP_BASIS 701
    Affected: SAP_BASIS 702
    Affected: SAP_BASIS 731
    Affected: SAP_BASIS 740
    Affected: SAP_BASIS 750
    Affected: SAP_BASIS 751
    Affected: SAP_BASIS 752
    Affected: SAP_BASIS 753
    Affected: SAP_BASIS 754
    Affected: SAP_BASIS 755
    Affected: SAP_BASIS 756
    Affected: SAP_BASIS 757
    Affected: SAP_BASIS 758
    Affected: SAP_BASIS 912
    Affected: SAP_BASIS 913
    Affected: SAP_BASIS 914
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-0066",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T14:50:09.959227Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T14:50:46.306Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BASIS 700"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 701"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 758"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 912"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 913"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 914"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUnder certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application\u003c/p\u003e"
                }
              ],
              "value": "Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-14T00:09:36.035Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3550708"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2025-0066",
        "datePublished": "2025-01-14T00:09:36.035Z",
        "dateReserved": "2024-12-11T05:05:07.367Z",
        "dateUpdated": "2025-01-14T14:50:46.306Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }