6.1
CVE-2025-42924
- EPSS 0.08%
- Published 11.11.2025 00:20:31
- Last modified 12.11.2025 16:19:59
- Source cna@sap.com
SAP S/4HANA landscape SAP E-Recruiting BSP allows an unauthenticated attacker to craft malicious links; when a victim clicks such a link, the victim could be redirected to a page controlled by the attacker. This has low impact on confidentiality and integrity of the application with no impact on availability.
Linked by AI from unstructured data to existing CPEs of the NVD
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: SAP_SE
Product: SAP S/4HANA landscape (SAP E-Recruiting BSP)
Default status: unaffected

| Version | Status |
|---|---|
| S4ERECRT 100 | affected |
| 200 | affected |
| ERECRUIT 600 | affected |
| 603 | affected |
| 604 | affected |
| 605 | affected |
| 606 | affected |
| 616 | affected |
| 617 | affected |
| 800 | affected |
| 801 | affected |
| 802 | affected |

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.229 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@sap.com | 6.1 | 2.8 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.