← volver
CVE-2025-42926

Missing Authentication check in SAP NetWeaver Application Server Java

CVSS 5.3 MEDIUMEPSS 0.3%CWE-306
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
09 sep 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
SAP NetWeaver Application Server Java does not perform an authentication check when an attacker attempts to access internal files within the web application.Upon successfully exploitation, an unauthenticated attacker could access these files to gather additional sensitive information about the system.This vulnerability has a low impact on confidentiality and does not affect the integrity or availability of the server.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Productos afectados
SAP_SE · SAP NetWeaver Application Server Java

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://me.sap.com/notes/3619465https://url.sap/sapsecuritypatchday