CVE-2025-0058
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the information unavailable.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP Business Workflow and SAP Flexible Workflow | SAP_BASIS 753 | affected |
| SAP_SE | SAP Business Workflow and SAP Flexible Workflow | SAP_BASIS 754 | affected |
| SAP_SE | SAP Business Workflow and SAP Flexible Workflow | SAP_BASIS 755 | affected |
| SAP_SE | SAP Business Workflow and SAP Flexible Workflow | SAP_BASIS 756 | affected |
| SAP_SE | SAP Business Workflow and SAP Flexible Workflow | SAP_BASIS 757 | affected |
| SAP_SE | SAP Business Workflow and SAP Flexible Workflow | SAP_BASIS 758 | affected |
| SAP_SE | SAP Business Workflow and SAP Flexible Workflow | SAP_BASIS 912 | affected |
| SAP_SE | SAP Business Workflow and SAP Flexible Workflow | SAP_BASIS 913 | affected |
| SAP_SE | SAP Business Workflow and SAP Flexible Workflow | SAP_BASIS 914 | affected |
Weaknesses
- CWE-639: CWE-639: Authorization Bypass Through User-Controlled Key
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.