CVE-2025-42889
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
SAP Starter Solution allows an authenticated attacker to execute crafted database queries, thereby exposing the back-end database. As a result, this vulnerability has a low impact on the application's confidentiality and integrity but no impact on its availability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP Starter Solution (PL SAFT) | SAP_APPL 600 | affected |
| SAP_SE | SAP Starter Solution (PL SAFT) | 602 | affected |
| SAP_SE | SAP Starter Solution (PL SAFT) | 603 | affected |
| SAP_SE | SAP Starter Solution (PL SAFT) | 604 | affected |
| SAP_SE | SAP Starter Solution (PL SAFT) | 605 | affected |
| SAP_SE | SAP Starter Solution (PL SAFT) | 606 | affected |
| SAP_SE | SAP Starter Solution (PL SAFT) | 616 | affected |
| SAP_SE | SAP Starter Solution (PL SAFT) | SAP_FIN 617 | affected |
| SAP_SE | SAP Starter Solution (PL SAFT) | 618 | affected |
| SAP_SE | SAP Starter Solution (PL SAFT) | 700 | affected |
| SAP_SE | SAP Starter Solution (PL SAFT) | 720 | affected |
| SAP_SE | SAP Starter Solution (PL SAFT) | 730 | affected |
| SAP_SE | SAP Starter Solution (PL SAFT) | S4CORE 100 | affected |
| SAP_SE | SAP Starter Solution (PL SAFT) | 101 | affected |
| SAP_SE | SAP Starter Solution (PL SAFT) | 102 | affected |
| SAP_SE | SAP Starter Solution (PL SAFT) | 103 | affected |
| SAP_SE | SAP Starter Solution (PL SAFT) | 104 | affected |
Weaknesses
- CWE-89: CWE-89: Improper Neutralization of Special Elements used in an SQL Command
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.