← voltar
CVE-2025-42960

Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA BEx Tools

CVSS 4.3 MEDIUMEPSS 0.2%CWE-862
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
08 jul 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
SAP Business Warehouse and SAP BW/4HANA BEx Tools allow an authenticated attacker to gain higher access levels than intended by exploiting improper authorization checks. This could potentially impact data integrity by allowing deletion of user table entries.�It has no impact on the confidentiality and availability of the application.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Produtos afetados
SAP_SE · SAP Business Warehouse and SAP BW/4HANA BEx Tools

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://me.sap.com/notes/3608991https://url.sap/sapsecuritypatchday