2.7
CVE-2025-42954
- EPSS 0.05%
- Published 08.07.2025 00:34:51
- Last modified 08.07.2025 16:18:14
- Source cna@sap.com
- Teams watchlist Login
- Open Login
SAP NetWeaver Business Warehouse CCAW application allows a privileged attacker to cause a high CPU load by executing a RFC enabled function modules without any input parameters, which results in reduced performance or interrupted operation of the affected resource. This leads to low impact on availability of the application, there is no impact on confidentiality and integrity.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorSAP_SE
≫
Product
SAP NetWeaver Business Warehouse (CCAW application)
Default Statusunaffected
Version
DW4CORE 100
Status
affected
Version
200
Status
affected
Version
300
Status
affected
Version
400
Status
affected
Version
SAP_BW 700
Status
affected
Version
701
Status
affected
Version
702
Status
affected
Version
731
Status
affected
Version
740
Status
affected
Version
750
Status
affected
Version
751
Status
affected
Version
752
Status
affected
Version
753
Status
affected
Version
754
Status
affected
Version
755
Status
affected
Version
756
Status
affected
Version
757
Status
affected
Version
758
Status
affected
Version
816
Status
affected
Version
SAP_BW_VIRTUAL_COMP 701
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.165 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| cna@sap.com | 2.7 | 1.2 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
|
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.