{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T18:22:47.286","vulnerabilities":[{"cve":{"id":"CVE-2025-24869","sourceIdentifier":"cna@sap.com","published":"2025-02-11T01:15:11.140","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SAP NetWeaver Application Server Java allows an attacker to access an endpoint that can disclose information about deployed server components, including their XML definitions. This information should ideally be restricted to customer administrators, even though they may not need it. These XML files are not entirely SAP-internal as they are deployed with the server. In such a scenario, sensitive information could be exposed without compromising its integrity or availability."},{"lang":"es","value":"SAP NetWeaver Application Server Java permite a un atacante acceder a un endpoint que puede revelar información sobre los componentes del servidor implementados, incluida sus definiciones XML. Lo ideal sería que esta información estuviera restringida a los administradores de clientes, aunque es posible que no la necesiten. Estos archivos XML no son completamente internos de SAP, ya que se implementan con el servidor. En tal escenario, la información confidencial podría quedar expuesta sin comprometer su integridad o disponibilidad."}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"cna@sap.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://me.sap.com/notes/3550027","source":"cna@sap.com"},{"url":"https://url.sap/sapsecuritypatchday","source":"cna@sap.com"}]}}]}