4.3

CVE-2025-42960

SAP Business Warehouse and SAP BW/4HANA BEx Tools allow an authenticated attacker to gain higher access levels than intended by exploiting improper authorization checks. This could potentially impact data integrity by allowing deletion of user table entries.�It has no impact on the confidentiality and availability of the application.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorSAP_SE
Product SAP Business Warehouse and SAP BW/4HANA BEx Tools
Default Statusunaffected
Version DW4CORE 100
Status affected
Version 200
Status affected
Version 300
Status affected
Version 400
Status affected
Version SAP_BW 700
Status affected
Version 701
Status affected
Version 702
Status affected
Version 731
Status affected
Version 740
Status affected
Version 750
Status affected
Version 751
Status affected
Version 752
Status affected
Version 753
Status affected
Version 754
Status affected
Version 755
Status affected
Version 756
Status affected
Version 757
Status affected
Version 758
Status affected
Version 816
Status affected
Version SAP_BW_VIRTUAL_COMP 701
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.109
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
cna@sap.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.