6.1

CVE-2025-42962

SAP Business Warehouse (Business Explorer Web) allows an attacker to create a malicious link. If an authenticated user clicks on this link, the injected script gets executed within the scope of victim�s browser. This potentially leads to an impact on confidentiality and integrity. Availability is not impacted.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSAP_SE
Produkt SAP Business Warehouse (Business Explorer Web 3.5 loading animation)
Default Statusunaffected
Version DW4CORE 100
Status affected
Version 200
Status affected
Version 300
Status affected
Version 400
Status affected
Version 916
Status affected
Version SAP_BW 730
Status affected
Version 731
Status affected
Version 740
Status affected
Version 750
Status affected
Version 751
Status affected
Version 752
Status affected
Version 753
Status affected
Version 754
Status affected
Version 756
Status affected
Version 757
Status affected
Version 758
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.11
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cna@sap.com 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.