6.1
CVE-2025-42985
- EPSS 0.04%
- Published 08.07.2025 00:38:25
- Last modified 08.07.2025 16:18:14
- Source cna@sap.com
- Teams watchlist Login
- Open Login
Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim�s browser. This could potentially lead to the exposure or modification of web client data, resulting in low impact on confidentiality and integrity, with no impact on application availability.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorSAP_SE
≫
Product
SAP BusinessObjects Content Administrator workbench
Default Statusunaffected
Version
DW4CORE 100
Status
affected
Version
200
Status
affected
Version
300
Status
affected
Version
400
Status
affected
Version
SAP_BW 700
Status
affected
Version
701
Status
affected
Version
702
Status
affected
Version
731
Status
affected
Version
740
Status
affected
Version
750
Status
affected
Version
751
Status
affected
Version
752
Status
affected
Version
753
Status
affected
Version
754
Status
affected
Version
755
Status
affected
Version
756
Status
affected
Version
757
Status
affected
Version
758
Status
affected
Version
816
Status
affected
Version
SAP_BW_VIRTUAL_COMP 701
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.092 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| cna@sap.com | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.