CVE-2025-42875
6.6
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Summary
The SAP Internet Communication Framework does not conduct any authentication checks for features that need user identification allowing an attacker to reuse authorization tokens, violating secure authentication practices causing low impact on Confidentiality, Integrity and Availability of the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP NetWeaver Internet Communication Framework | SAP_BASIS 700 | affected |
| SAP_SE | SAP NetWeaver Internet Communication Framework | SAP_BASIS 701 | affected |
| SAP_SE | SAP NetWeaver Internet Communication Framework | SAP_BASIS 702 | affected |
| SAP_SE | SAP NetWeaver Internet Communication Framework | SAP_BASIS 731 | affected |
| SAP_SE | SAP NetWeaver Internet Communication Framework | SAP_BASIS 740 | affected |
| SAP_SE | SAP NetWeaver Internet Communication Framework | SAP_BASIS 750 | affected |
| SAP_SE | SAP NetWeaver Internet Communication Framework | SAP_BASIS 751 | affected |
| SAP_SE | SAP NetWeaver Internet Communication Framework | SAP_BASIS 752 | affected |
| SAP_SE | SAP NetWeaver Internet Communication Framework | SAP_BASIS 753 | affected |
| SAP_SE | SAP NetWeaver Internet Communication Framework | SAP_BASIS 754 | affected |
| SAP_SE | SAP NetWeaver Internet Communication Framework | SAP_BASIS 755 | affected |
| SAP_SE | SAP NetWeaver Internet Communication Framework | SAP_BASIS 756 | affected |
| SAP_SE | SAP NetWeaver Internet Communication Framework | SAP_BASIS 757 | affected |
| SAP_SE | SAP NetWeaver Internet Communication Framework | SAP_BASIS 758 | affected |
Weaknesses
- CWE-306: CWE-306: Missing Authentication for Critical Function
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.