- Description
- SAP NetWeaver Application Server Java allows an attacker to access an endpoint that can disclose information about deployed server components, including their XML definitions. This information should ideally be restricted to customer administrators, even though they may not need it. These XML files are not entirely SAP-internal as they are deployed with the server. In such a scenario, sensitive information could be exposed without compromising its integrity or availability.
- Source
- cna@sap.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
- cna@sap.com
- CWE-863
- Hype score
- Not currently trending
🚨 CVE-2025-24869 🟠 MEDIUM (4.3) 🏢 SAP_SE - SAP NetWeaver Application Server Java 🏗️ WD-RUNTIME 7.50 🔗 https://t.co/QwYgwIk7dY 🔗 https://t.co/f5sXJgkGmG #CyberCron #VulnAlert https://t.co/CJ5Mmqp3qJ
@cybercronai
12 Feb 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24869 SAP NetWeaver Application Server Java allows an attacker to access an endpoint that can disclose information about deployed server components, including their XML def… https://t.co/90Km2R2MWU
@CVEnew
11 Feb 2025
240 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes