← volver
CVE-2025-42997

Information Disclosure vulnerability in SAP Gateway Client

CVSS 6.6 MEDIUMEPSS 0.2%CWE-732
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.6EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
13 may 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Under certain conditions, SAP Gateway Client allows a high-privileged user to access restricted information beyond the scope of the application. Due to the possibility of influencing application behavior or performance through misuse of the exposed data, this may potentially lead to low impact on confidentiality, integrity, and availability.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Productos afectados
SAP_SE · SAP Gateway Client

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://me.sap.com/notes/3577300https://url.sap/sapsecuritypatchday