CVE-2025-24869

Medium CVSS: 4.3

SAP NetWeaver Application Server Java allows an attacker to access an endpoint that can disclose information about deployed server components, including their XML definitions. This information should ideally be restricted to customer administrators, even though they may not need it. These XML files are not entirely SAP-internal as they are deployed with the server. In such a scenario, sensitive information could be exposed without compromising its integrity or availability.

Vendor

Product

CWE

CWE-863

Yayın Tarihi

2025-02-11 01:15:11

Güncelleme

2025-02-18 18:15:33

Source Identifier

cna@sap.com

KEV Date Added

Kategoriler

CWE-863 MEDIUM 2025

Referanslar

https://me.sap.com/notes/3550027 https://url.sap/sapsecuritypatchday