CVE-2024-28163

low-risk

Published 2024-03-12

Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.

Do I need to act?

0.29% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Netweaver Process Integration

Affected Vendors

Sap

References (4)

Permissions Required https://me.sap.com/notes/3434192

Vendor Advisory https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?an...

Permissions Required https://me.sap.com/notes/3434192

Vendor Advisory https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?an...

/ 100

low-risk

Severity 21/34 · High

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal