3
CVE-2025-42990
- EPSS 0.04%
- Veröffentlicht 10.06.2025 00:12:33
- Zuletzt bearbeitet 12.06.2025 16:06:39
- Quelle cna@sap.com
- Teams Watchlist Login
- Unerledigt Login
Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the attacker controlled URL. This issue could impact the integrity of the application. Confidentiality or Availability are not impacted.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSAP_SE
≫
Produkt
SAPUI5 applications
Default Statusunaffected
Version
SAP_UI 750
Status
affected
Version
754
Status
affected
Version
755
Status
affected
Version
756
Status
affected
Version
757
Status
affected
Version
758
Status
affected
Version
UI_700 200
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.112 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@sap.com | 3 | 1.3 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.