Information Exposure Vulnerability in SAP NetWeaver Server ABAP
CVE-2025-23193

5.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver Server Abap
Vendor: CVE Published:; 11 February 2025

Summary

The SAP NetWeaver Server ABAP exhibits a vulnerability that allows an unauthenticated attacker to exploit the server's response behavior based on the existence of specific user accounts. This flaw can lead to the unintended disclosure of sensitive information, providing attackers with insights into the server's configuration and user presence, without allowing for data modification or impacting server availability.

Affected Version(s)

SAP NetWeaver Server ABAP SAP_BASIS 700

SAP NetWeaver Server ABAP SAP_BASIS 701

SAP NetWeaver Server ABAP SAP_BASIS 702

References

https://me.sap.com/notes/3561264

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Jan 13, 2025