Vulnerabilites related to SAP_SE - SAP CRM and SAP S/4HANA (Interaction Center)
CVE-2025-27430 (GCVE-0-2025-27430)
Vulnerability from cvelistv5
Published
2025-03-11 00:37
Modified
2025-03-11 02:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application's confidentiality. There is no impact on integrity or availability
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) |
Version: S4CRM 100 Version: 200 Version: 204 Version: 205 Version: 206 Version: S4FND 102 Version: 103 Version: 104 Version: 105 Version: 106 Version: 107 Version: 108 Version: S4CEXT 107 Version: BBPCRM 701 Version: 702 Version: 712 Version: 713 Version: 714 Version: WEBCUIF 701 Version: 731 Version: 746 Version: 747 Version: 748 Version: 800 Version: 801 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27430",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T02:06:37.325274Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T02:06:54.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP CRM and SAP S/4HANA (Interaction Center)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "S4CRM 100"
},
{
"status": "affected",
"version": "200"
},
{
"status": "affected",
"version": "204"
},
{
"status": "affected",
"version": "205"
},
{
"status": "affected",
"version": "206"
},
{
"status": "affected",
"version": "S4FND 102"
},
{
"status": "affected",
"version": "103"
},
{
"status": "affected",
"version": "104"
},
{
"status": "affected",
"version": "105"
},
{
"status": "affected",
"version": "106"
},
{
"status": "affected",
"version": "107"
},
{
"status": "affected",
"version": "108"
},
{
"status": "affected",
"version": "S4CEXT 107"
},
{
"status": "affected",
"version": "BBPCRM 701"
},
{
"status": "affected",
"version": "702"
},
{
"status": "affected",
"version": "712"
},
{
"status": "affected",
"version": "713"
},
{
"status": "affected",
"version": "714"
},
{
"status": "affected",
"version": "WEBCUIF 701"
},
{
"status": "affected",
"version": "731"
},
{
"status": "affected",
"version": "746"
},
{
"status": "affected",
"version": "747"
},
{
"status": "affected",
"version": "748"
},
{
"status": "affected",
"version": "800"
},
{
"status": "affected",
"version": "801"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnder certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application\u0027s confidentiality. There is no impact on integrity or availability\u003c/p\u003e"
}
],
"value": "Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application\u0027s confidentiality. There is no impact on integrity or availability"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T00:37:24.590Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3561861"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Server Side Request Forgery (SSRF) in SAP CRM and SAP S/4 HANA (Interaction Center)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2025-27430",
"datePublished": "2025-03-11T00:37:24.590Z",
"dateReserved": "2025-02-25T09:29:51.244Z",
"dateUpdated": "2025-03-11T02:06:54.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}