Primary

Context

SAP NetWeaver Server ABAP User-Based Information Disclosure Vulnerability

Vulnerability

An information disclosure vulnerability has been identified in SAP NetWeaver Server ABAP. This issue allows an unauthenticated attacker to exploit the server's response behavior based on the presence of a specific user, potentially leading to the revelation of sensitive information. The vulnerability does not permit data modification and does not affect server availability.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive information.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, specifically during the monthly SAP Security Patch Day.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

2.5

exploitability

7.4

remediation

5.6

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

2.5

exploitability

7.4

remediation

5.6

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SAP NetWeaver Server ABAP User-Based Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

SAP NetWeaver Server ABAP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating