CVE-2025-42897

Summary

Due to information disclosure vulnerability in anonymous API provided by SAP Business One (SLD), an attacker with normal user access could gain access to unauthorized information. As a result, it has a low impact on the confidentiality of the application but no impact on the integrity and availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Business One (SLD)B1_ON_HANA 10.0affected
SAP_SESAP Business One (SLD)SAP-M-BO 10.0affected

Weaknesses

  • CWE-522: CWE-522: Insufficiently Protected Credentials

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References