← voltar
CVE-2025-42956

Multiple vulnerabilities in SAP NetWeaver Application Server ABAP

CVSS 6.1 MEDIUMEPSS 0.2%CWE-79
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.1EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
08 jul 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, injected input data will be used by the web site page generation to create content which when executed in the victim's browser leading to low impact on Confidentiality and Integrity with no effect on Availability of the application.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →