Information Disclosure Vulnerability in SAP NetWeaver Real Time Messaging Framework
CVE-2022-26103

5.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver (real Time Messaging Framework)
Vendor: CVE Published:; 10 March 2022

Summary

The vulnerability in SAP NetWeaver Real Time Messaging Framework version 7.50 allows attackers, under specific circumstances, to gain unauthorized access to sensitive information. This access could enable further exploits and attacks by gathering critical data that aids in compromising system integrity. Organizations utilizing this version must assess their exposure and implement appropriate security measures to mitigate potential risks.

Affected Version(s)

SAP NetWeaver (Real Time Messaging Framework) < 7.50

References

https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3132360

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 10, 2022
Vulnerability Reserved
Feb 25, 2022