{"cve":{"cve_id":"CVE-2024-25645","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.0041,"epss_percentile":0.32598,"epss_as_of":"2026-06-23","description":"Under certain condition SAP NetWeaver (Enterprise Portal) - version 7.50 allows an attacker to access information which would otherwise be restricted causing low impact on confidentiality of the application and with no impact on Integrity and Availability of the application.","published_at":"2024-03-12T00:53:58.649000Z","last_modified_at":null,"cvss_v3_score":5.3,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"partial","cwes":["CWE-732"],"nvd_references":["https://me.sap.com/notes/3428847","https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T01:53:59.984910Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"L","value_label":"Low"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-netweaver-enterprise-portal","product_name":"SAP NetWeaver Enterprise Portal","version_start":"7.50","version_start_inclusive":true,"version_end":"7.50","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-netweaver-enterprise-portal:7.50:7.50"}],"exploit_refs":[],"news":[],"references":[{"url":"https://me.sap.com/notes/3428847","source_type":"MISC","tags":[]},{"url":"https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2024-03-12T00:53:58.649000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:34:28.673954Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:34:28.673954Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:34:28.673954Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T01:53:59.984910Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:53:59.984910Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:53:59.984910Z","label":"SSVC decision revised","source":"vulnrichment"}]}