3.5
CVE-2025-27430
- EPSS 0.03%
- Published 11.03.2025 01:15:36
- Last modified 11.03.2025 01:15:36
- Source cna@sap.com
Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application's confidentiality. There is no impact on integrity or availability.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: SAP_SE
Product: SAP CRM and SAP S/4HANA (Interaction Center)
Default status: unaffected

Version | Status |
---|---|
S4CRM 100 | affected |
200 | affected |
204 | affected |
205 | affected |
206 | affected |
S4FND 102 | affected |
103 | affected |
104 | affected |
105 | affected |
106 | affected |
107 | affected |
108 | affected |
S4CEXT 107 | affected |
BBPCRM 701 | affected |
702 | affected |
712 | affected |
713 | affected |
714 | affected |
WEBCUIF 701 | affected |
731 | affected |
746 | affected |
747 | affected |
748 | affected |
800 | affected |
801 | affected |

No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.03% | 0.09 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
cna@sap.com | 3.5 | 1.8 | 1.4 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N |
CWE-918 Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.