SAP NetWeaver Information Disclosure Vulnerability Allowing Credential Exposure

Vulnerability

An information disclosure vulnerability has been identified in SAP NetWeaver. This issue arises from the injection of malicious instructions into user configuration settings. An attacker with administrative privileges can manipulate these settings so that sensitive information, such as user credentials, is exposed when the victim accesses them. These credentials could then be used to gain unauthorized access to local or adjacent systems, significantly compromising confidentiality.

Impact

Exploitation of this vulnerability leads to unauthorized exposure of user credentials, which could be used to access local or adjacent systems.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, specifically during the SAP Security Patch Day, which occurs on the second Tuesday of each month.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.2
impact: 2.5
exploitability: 4.5
remediation: 7.9
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.