8.1
CVE-2025-42976
- EPSS 0.1%
- Veröffentlicht 12.08.2025 02:10:06
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle cna@sap.com
- CVE-Watchlists
- Unerledigt
Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (BIC Document)
SAP NetWeaver Application Server ABAP (BIC Document) allows an authenticated attacker to craft a request that, when submitted to a BIC Document application, could cause a memory corruption error. On successful exploitation, this results in the crash of the target component. Multiple submissions can make the target completely unavailable. A similarly crafted submission can be used to perform an out-of-bounds read operation as well, revealing sensitive information that is loaded in memory at that time. There is no ability to modify any information.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSAP_SE
≫
Produkt
SAP NetWeaver Application Server ABAP (BIC Document)
Default Statusunaffected
Version
S4COREOP 104
Status
affected
Version
105
Status
affected
Version
106
Status
affected
Version
107
Status
affected
Version
108
Status
affected
Version
SEM-BW 600
Status
affected
Version
602
Status
affected
Version
603
Status
affected
Version
604
Status
affected
Version
605
Status
affected
Version
634
Status
affected
Version
736
Status
affected
Version
746
Status
affected
Version
747
Status
affected
Version
748
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.271 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@sap.com | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.