Information Disclosure vulnerability in SAP NetWeaver Process Integration (Support Web Pages)

Vulnerability

In SAP NetWeaver Process Integration (PI) version 7.50, the Support Web Pages contain an information disclosure vulnerability [1]. Under certain conditions, an attacker can access resources that would otherwise be restricted, leading to low confidentiality impact [1]. The exact component and preconditions are not detailed beyond the version number and the affected feature area.

Exploitation

An attacker requires network access to the affected Support Web Pages [1]. The attack complexity and privileges needed are not described in the available sources, but the vulnerability is triggered by accessing the specific pages under conditions that bypass intended access controls [1]. No user interaction beyond normal browsing is mentioned.

Impact

Successful exploitation results in low confidentiality impact — the attacker gains access to information that should be restricted [1]. Integrity and availability of the application are not affected [1]. The nature of the disclosed data and privilege level are not specified in the references.

Mitigation

SAP has released security notes for this vulnerability via its Patch Day process [1]. The specific patch note ID and fixed version are not disclosed in the available references. Administrators are advised to apply the latest support package or security patch for SAP NetWeaver PI 7.50 from the SAP for Me portal [1].