CVE-2025-27430
3.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
Summary
Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application's confidentiality. There is no impact on integrity or availability
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | S4CRM 100 | affected |
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | 200 | affected |
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | 204 | affected |
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | 205 | affected |
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | 206 | affected |
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | S4FND 102 | affected |
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | 103 | affected |
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | 104 | affected |
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | 105 | affected |
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | 106 | affected |
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | 107 | affected |
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | 108 | affected |
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | S4CEXT 107 | affected |
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | BBPCRM 701 | affected |
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | 702 | affected |
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | 712 | affected |
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | 713 | affected |
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | 714 | affected |
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | WEBCUIF 701 | affected |
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | 731 | affected |
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | 746 | affected |
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | 747 | affected |
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | 748 | affected |
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | 800 | affected |
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) | 801 | affected |
Weaknesses
- CWE-918: CWE-918: Server-Side Request Forgery (SSRF)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.