6.1
CVE-2025-42962
- EPSS 0.04%
- Published 08.07.2025 00:35:36
- Last modified 08.07.2025 16:18:14
- Source cna@sap.com
- Teams watchlist Login
- Open Login
SAP Business Warehouse (Business Explorer Web) allows an attacker to create a malicious link. If an authenticated user clicks on this link, the injected script gets executed within the scope of victim�s browser. This potentially leads to an impact on confidentiality and integrity. Availability is not impacted.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorSAP_SE
≫
Product
SAP Business Warehouse (Business Explorer Web 3.5 loading animation)
Default Statusunaffected
Version
DW4CORE 100
Status
affected
Version
200
Status
affected
Version
300
Status
affected
Version
400
Status
affected
Version
916
Status
affected
Version
SAP_BW 730
Status
affected
Version
731
Status
affected
Version
740
Status
affected
Version
750
Status
affected
Version
751
Status
affected
Version
752
Status
affected
Version
753
Status
affected
Version
754
Status
affected
Version
756
Status
affected
Version
757
Status
affected
Version
758
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.11 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| cna@sap.com | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.