CVE-2025-42936
Missing Authorization check in SAP NetWeaver Application Server for ABAP
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.4EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
12 ago 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access restricted objects in the barcode interface, leading to privilege escalation. This results in a low impact on the confidentiality and integrity of the application, there is no impact on availability.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Productos afectados
SAP_SE · SAP NetWeaver Application Server for ABAP¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →