4.3

CVE-2025-42918

EPSS 0.04%
Veröffentlicht 09.09.2025 02:15:40
Zuletzt bearbeitet 23.10.2025 12:44:38
Quelle cna@sap.com
CVE-Watchlists
Login
Unerledigt
Login

Missing Authorization check in SAP NetWeaver Application Server for ABAP (Background Processing)

SAP NetWeaver Application Server for ABAP allows authenticated users with access to background processing to gain unauthorized read access to profile parameters.  This results in a low impact on confidentiality, with no impact on integrity or availability

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 15 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ Sap Basis Version700

SAP ≫ Sap Basis Version701

SAP ≫ Sap Basis Version702

SAP ≫ Sap Basis Version731

SAP ≫ Sap Basis Version740

SAP ≫ Sap Basis Version750

SAP ≫ Sap Basis Version751

SAP ≫ Sap Basis Version752

SAP ≫ Sap Basis Version753

SAP ≫ Sap Basis Version754

SAP ≫ Sap Basis Version755

SAP ≫ Sap Basis Version756

SAP ≫ Sap Basis Version757

SAP ≫ Sap Basis Version758

SAP ≫ Sap Basis Version816

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.113

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@sap.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://url.sap/sapsecuritypatchday

Patch

https://me.sap.com/notes/3623504

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2025-42918

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-42918

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-42918

EUVD