CVE-2025-30017
4.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Summary
Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP Solution Manager | ST 720 | affected |
| SAP_SE | SAP Solution Manager | SAP_BASIS 700 | affected |
| SAP_SE | SAP Solution Manager | SAP_BASIS 701 | affected |
| SAP_SE | SAP Solution Manager | SAP_BASIS 702 | affected |
| SAP_SE | SAP Solution Manager | SAP_BASIS 731 | affected |
| SAP_SE | SAP Solution Manager | SAP_BASIS 740 | affected |
| SAP_SE | SAP Solution Manager | SAP_BASIS 750 | affected |
| SAP_SE | SAP Solution Manager | SAP_BASIS 751 | affected |
| SAP_SE | SAP Solution Manager | SAP_BASIS 752 | affected |
| SAP_SE | SAP Solution Manager | SAP_BASIS 753 | affected |
| SAP_SE | SAP Solution Manager | SAP_BASIS 754 | affected |
| SAP_SE | SAP Solution Manager | SAP_BASIS 755 | affected |
| SAP_SE | SAP Solution Manager | SAP_BASIS 756 | affected |
| SAP_SE | SAP Solution Manager | SAP_BASIS 757 | affected |
| SAP_SE | SAP Solution Manager | SAP_BASIS 758 | affected |
| SAP_SE | SAP Solution Manager | SAP_BASIS 914 | affected |
Weaknesses
- CWE-862: CWE-862: Missing Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.