fkie_cve-2025-42949
Vulnerability from fkie_nvd
Published
2025-08-12 03:15
Modified
2025-08-12 14:25
Summary
Due to a missing authorization check in the ABAP Platform, an authenticated user with elevated privileges could bypass authorization restrictions for common transactions by leveraging the SQL Console. This could enable an attacker to access and read the contents of database tables without proper authorization, leading to a significant compromise of data confidentiality. However, the integrity and availability of the system remain unaffected.
Impacted products
Vendor Product Version



{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Due to a missing authorization check in the ABAP Platform, an authenticated user with elevated privileges could bypass authorization restrictions for common transactions by leveraging the SQL Console. This could enable an attacker to access and read the contents of database tables without proper authorization, leading to a significant compromise of data confidentiality. However, the integrity and availability of the system remain unaffected."
    },
    {
      "lang": "es",
      "value": "Debido a la falta de una comprobaci\u00f3n de autorizaci\u00f3n en la plataforma ABAP, un usuario autenticado con privilegios elevados podr\u00eda eludir las restricciones de autorizaci\u00f3n para transacciones comunes utilizando la consola SQL. Esto podr\u00eda permitir que un atacante acceda y lea el contenido de las tablas de la base de datos sin la debida autorizaci\u00f3n, lo que comprometer\u00eda significativamente la confidencialidad de los datos. Sin embargo, la integridad y la disponibilidad del sistema permanecen intactas."
    }
  ],
  "id": "CVE-2025-42949",
  "lastModified": "2025-08-12T14:25:33.177",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "cna@sap.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-08-12T03:15:27.657",
  "references": [
    {
      "source": "cna@sap.com",
      "url": "https://me.sap.com/notes/3626722"
    },
    {
      "source": "cna@sap.com",
      "url": "https://url.sap/sapsecuritypatchday"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "cna@sap.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…