CVE-2025-0053

Published Jan 14, 2025

Last updated 8 days ago

CVSS medium 5.3

Overview

Description: SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to gain unauthorized access to system information. By using a specific URL parameter, an unauthenticated attacker could retrieve details such as system configuration. This has a limited impact on the confidentiality of the application and may be leveraged to facilitate further attacks or exploits.
Source: cna@sap.com
NVD status: Analyzed
Products: sap_basis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

cna@sap.com: CWE-209

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:sap_basis:700:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85616273-040E-49CB-8EB6-D2D4D7B603E5"
          },
          {
            "criteria": "cpe:2.3:a:sap:sap_basis:701:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5F2C3A9-DCC0-4FF1-8E68-9EA150E209F6"
          },
          {
            "criteria": "cpe:2.3:a:sap:sap_basis:702:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F774A45-2A9F-4873-A5DC-766D030C8CCD"
          },
          {
            "criteria": "cpe:2.3:a:sap:sap_basis:731:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3A0A2D6-9259-4A35-A236-F4BEE986C1FD"
          },
          {
            "criteria": "cpe:2.3:a:sap:sap_basis:740:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49C3A8E5-FA6A-4EF3-BF50-FD4E1576024F"
          },
          {
            "criteria": "cpe:2.3:a:sap:sap_basis:750:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABA8AB4E-3FE6-46A8-847E-660C5DF6CE71"
          },
          {
            "criteria": "cpe:2.3:a:sap:sap_basis:751:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DA4A6F0-C0F1-42CB-8BBD-7198064733EA"
          },
          {
            "criteria": "cpe:2.3:a:sap:sap_basis:752:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C121CC9-26F6-4103-8EB0-BAFF6B5B5FE8"
          },
          {
            "criteria": "cpe:2.3:a:sap:sap_basis:753:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86086D00-10BF-4C55-8D87-82CCBE468153"
          },
          {
            "criteria": "cpe:2.3:a:sap:sap_basis:754:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F25246A-D9E5-4F0D-B91A-478D4E5570DB"
          },
          {
            "criteria": "cpe:2.3:a:sap:sap_basis:755:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0218695F-C4AD-46BF-B176-F10C644A9C2D"
          },
          {
            "criteria": "cpe:2.3:a:sap:sap_basis:756:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FC9E7C3E-1005-450A-9198-E014C1BAADBC"
          },
          {
            "criteria": "cpe:2.3:a:sap:sap_basis:757:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A177AB1-CC85-46EF-91DF-462096608C9F"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References