CVE-2015-2817

Published Apr 1, 2015

Last updated a month ago

CVSS info 5.0

Overview

Description
The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768.
Source
cve@mitre.org
NVD status
Modified
Products
netweaver

Risk scores

CVSS 2.0

Type
Primary
Base score
5
Impact score
2.9
Exploitability score
10
Vector string
AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov
CWE-200

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Due to a Deserialization vulnerability in SAP NetWeaver (JMS service), an attacker authenticated as an administrator with local access could submit specially crafted content to the server. If processed by the application, this content could trigger unintended behavior during internal logic execution, potentially causing a denial of service. Successful exploitation results in a high impact on availability, while confidentiality and integrity remain unaffected.CVE-2026-23685
  2. SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requiring any specific knowledge or controlled conditions. This leads to a low impact on confidentiality with no effect on integrity or availability of the application.CVE-2025-42968
  3. SAP NetWeaver Deserialization VulnerabilityCVE-2025-42999
  4. SAP NetWeaver Unrestricted File Upload VulnerabilityCVE-2025-31324
  5. SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. Thus, having a low impact on confidentiality. CVE-2024-27898

References

Sources include official advisories and independent security research.