CVE-2024-22125— Information Disclosure vulnerability in Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge)
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-22125
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Information Disclosure vulnerability in Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge)
Source: NVD (National Vulnerability Database)
Vulnerability Description
Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) - version 1.0, allows an attacker to access highly sensitive information which would otherwise be restricted causing high impact on confidentiality.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
将系统数据暴露到未授权控制的范围
Source: NVD (National Vulnerability Database)
Vulnerability Title
SAP GUI 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SAP GUI是德国思爱普(SAP)公司的一个应用软件。SAP系统的图形用户界面。 SAP GUI connector for Microsoft Edge 存在安全漏洞,该漏洞源于在某些情况下,允许攻击者访问高度敏感的信息,否则这些信息将受到限制,从而对机密性造成严重影响。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SAP_SE | Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) | 1.0 | - |
II. Public POCs for CVE-2024-22125
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-22125
请登录查看更多情报信息。
Same Patch Batch · SAP_SE · 2024-01-09 · 7 CVEs total
| CVE-2024-21737 | 8.4 HIGH | Code Injection vulnerability in SAP Application Interface Framework (File Adapter) |
| CVE-2024-21735 | 7.3 HIGH | Improper Authorization check in SAP LT Replication Server |
| CVE-2024-21736 | 6.4 MEDIUM | Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management) |
| CVE-2024-22124 | 4.1 MEDIUM | Information Disclosure vulnerability in SAP NetWeaver Internet Communication Manager |
| CVE-2024-21738 | 4.1 MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Application Server and ABAP |
| CVE-2024-21734 | 3.7 LOW | URL Redirection vulnerability in SAP Marketing (Contacts App) |
IV. Related Vulnerabilities
Same vendor: SAP_SE
- CVE-2026-34264
Information Disclosure vulnerability in SAP Human Capital Ma - CVE-2026-34262
Information Disclosure Vulnerability in SAP HANA Cockpit and - CVE-2026-34261
Missing Authorization check in SAP Business Analytics and SA - CVE-2026-34257
Open Redirect vulnerability in SAP NetWeaver Application Ser - CVE-2026-34256
Missing Authorization check in SAP ERP and SAP S/4 HANA (Pri
Same weakness: CWE-497
- CVE-2026-7864
Exposure of Sensitive Information to an Unauthorized Actor - CVE-2026-41928
Vvveb < 1.0.8.2 Information Disclosure via Cron Controller - CVE-2026-25468
WordPress Happy Addons for Elementor plugin <= 3.20.8 - Sens - CVE-2026-42644
WordPress BetterDocs plugin <= 4.3.10 - Sensitive Data Expos - CVE-2026-24222
NVIDIA NeMoClaw 安全漏洞
V. Comments for CVE-2024-22125
No comments yet