{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0053", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2024-12-05T21:37:23.093Z", "datePublished": "2025-01-14T00:08:21.600Z", "dateUpdated": "2025-01-14T15:01:44.276Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP NetWeaver Application Server for ABAP and ABAP Platform", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "SAP_BASIS 700"}, {"status": "affected", "version": "SAP_BASIS 701"}, {"status": "affected", "version": "SAP_BASIS 702"}, {"status": "affected", "version": "SAP_BASIS 731"}, {"status": "affected", "version": "SAP_BASIS 740"}, {"status": "affected", "version": "SAP_BASIS 750"}, {"status": "affected", "version": "SAP_BASIS 751"}, {"status": "affected", "version": "SAP_BASIS 752"}, {"status": "affected", "version": "SAP_BASIS 753"}, {"status": "affected", "version": "SAP_BASIS 754"}, {"status": "affected", "version": "SAP_BASIS 755"}, {"status": "affected", "version": "SAP_BASIS 756"}, {"status": "affected", "version": "SAP_BASIS 757"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to gain unauthorized access to system information. By using a specific URL parameter, an unauthenticated attacker could retrieve details such as system configuration. This has a limited impact on the confidentiality of the application and may be leveraged to facilitate further attacks or exploits.</p>"}], "value": "SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to gain unauthorized access to system information. By using a specific URL parameter, an unauthenticated attacker could retrieve details such as system configuration. This has a limited impact on the confidentiality of the application and may be leveraged to facilitate further attacks or exploits."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-209", "description": "CWE-209: Generation of Error Message Containing Sensitive Information", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2025-01-14T00:08:21.600Z"}, "references": [{"url": "https://me.sap.com/notes/3536461"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-14T15:01:35.337636Z", "id": "CVE-2025-0053", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-14T15:01:44.276Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0053", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-14T15:01:35.337636Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-14T15:01:40.347Z"}}], "cna": {"title": "Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP NetWeaver Application Server for ABAP and ABAP Platform", "versions": [{"status": "affected", "version": "SAP_BASIS 700"}, {"status": "affected", "version": "SAP_BASIS 701"}, {"status": "affected", "version": "SAP_BASIS 702"}, {"status": "affected", "version": "SAP_BASIS 731"}, {"status": "affected", "version": "SAP_BASIS 740"}, {"status": "affected", "version": "SAP_BASIS 750"}, {"status": "affected", "version": "SAP_BASIS 751"}, {"status": "affected", "version": "SAP_BASIS 752"}, {"status": "affected", "version": "SAP_BASIS 753"}, {"status": "affected", "version": "SAP_BASIS 754"}, {"status": "affected", "version": "SAP_BASIS 755"}, {"status": "affected", "version": "SAP_BASIS 756"}, {"status": "affected", "version": "SAP_BASIS 757"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3536461"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to gain unauthorized access to system information. By using a specific URL parameter, an unauthenticated attacker could retrieve details such as system configuration. This has a limited impact on the confidentiality of the application and may be leveraged to facilitate further attacks or exploits.", "supportingMedia": [{"type": "text/html", "value": "<p>SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to gain unauthorized access to system information. By using a specific URL parameter, an unauthenticated attacker could retrieve details such as system configuration. This has a limited impact on the confidentiality of the application and may be leveraged to facilitate further attacks or exploits.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-209", "description": "CWE-209: Generation of Error Message Containing Sensitive Information"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2025-01-14T00:08:21.600Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0053", "state": "PUBLISHED", "dateUpdated": "2025-01-14T15:01:44.276Z", "dateReserved": "2024-12-05T21:37:23.093Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2025-01-14T00:08:21.600Z", "assignerShortName": "sap"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:sap_basis:700:*:*:*:*:*:*:*", "matchCriteriaId": "85616273-040E-49CB-8EB6-D2D4D7B603E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:701:*:*:*:*:*:*:*", "matchCriteriaId": "C5F2C3A9-DCC0-4FF1-8E68-9EA150E209F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:702:*:*:*:*:*:*:*", "matchCriteriaId": "6F774A45-2A9F-4873-A5DC-766D030C8CCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:731:*:*:*:*:*:*:*", "matchCriteriaId": "D3A0A2D6-9259-4A35-A236-F4BEE986C1FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:740:*:*:*:*:*:*:*", "matchCriteriaId": "49C3A8E5-FA6A-4EF3-BF50-FD4E1576024F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:750:*:*:*:*:*:*:*", "matchCriteriaId": "ABA8AB4E-3FE6-46A8-847E-660C5DF6CE71", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:751:*:*:*:*:*:*:*", "matchCriteriaId": "6DA4A6F0-C0F1-42CB-8BBD-7198064733EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:752:*:*:*:*:*:*:*", "matchCriteriaId": "8C121CC9-26F6-4103-8EB0-BAFF6B5B5FE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:753:*:*:*:*:*:*:*", "matchCriteriaId": "86086D00-10BF-4C55-8D87-82CCBE468153", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:754:*:*:*:*:*:*:*", "matchCriteriaId": "2F25246A-D9E5-4F0D-B91A-478D4E5570DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:755:*:*:*:*:*:*:*", "matchCriteriaId": "0218695F-C4AD-46BF-B176-F10C644A9C2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:756:*:*:*:*:*:*:*", "matchCriteriaId": "FC9E7C3E-1005-450A-9198-E014C1BAADBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:757:*:*:*:*:*:*:*", "matchCriteriaId": "3A177AB1-CC85-46EF-91DF-462096608C9F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to gain unauthorized access to system information. By using a specific URL parameter, an unauthenticated attacker could retrieve details such as system configuration. This has a limited impact on the confidentiality of the application and may be leveraged to facilitate further attacks or exploits."}, {"lang": "es", "value": " SAP NetWeaver Application Server para ABAP y la plataforma ABAP permite a un atacante obtener acceso no autorizado a la informaci\u00f3n del sistema. Al utilizar un par\u00e1metro de URL espec\u00edfico, un atacante no autenticado podr\u00eda recuperar detalles como la configuraci\u00f3n del sistema. Esto tiene un impacto limitado en la confidencialidad de la aplicaci\u00f3n y puede aprovecharse para facilitar otros ataques o exploits."}], "id": "CVE-2025-0053", "lastModified": "2025-10-24T19:24:55.573", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@sap.com", "type": "Secondary"}]}, "published": "2025-01-14T01:15:15.403", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3536461"}, {"source": "cna@sap.com", "tags": ["Patch"], "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "cna@sap.com", "type": "Primary"}]}

{}

{}