5.4
CVE-2025-42936
- EPSS 0.03%
- Published 12.08.2025 02:05:19
- Last modified 12.08.2025 14:25:33
- Source cna@sap.com
- Teams watchlist Login
- Open Login
The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access restricted objects in the barcode interface, leading to privilege escalation. This results in a low impact on the confidentiality and integrity of the application, there is no impact on availability.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorSAP_SE
≫
Product
SAP NetWeaver Application Server for ABAP
Default Statusunaffected
Version
SAP_BASIS 700
Status
affected
Version
SAP_BASIS 701
Status
affected
Version
SAP_BASIS 702
Status
affected
Version
SAP_BASIS 731
Status
affected
Version
SAP_BASIS 740
Status
affected
Version
SAP_BASIS 750
Status
affected
Version
SAP_BASIS 751
Status
affected
Version
SAP_BASIS 752
Status
affected
Version
SAP_BASIS 753
Status
affected
Version
SAP_BASIS 754
Status
affected
Version
SAP_BASIS 755
Status
affected
Version
SAP_BASIS 756
Status
affected
Version
SAP_BASIS 757
Status
affected
Version
SAP_BASIS 758
Status
affected
Version
SAP_BASIS 816
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.078 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| cna@sap.com | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
|
CWE-266 Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.