CVE-2025-42903

Summary

A vulnerability in SAP Financial Service Claims Management RFC function ICL_USER_GET_NAME_AND_ADDRESS allows user enumeration and potential disclosure of personal data through response discrepancies, causing low impact on confidentiality with no impact on integrity or availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Financial Service Claims ManagementINSURANCE 803affected
SAP_SESAP Financial Service Claims Management804affected
SAP_SESAP Financial Service Claims Management805affected
SAP_SESAP Financial Service Claims Management806affected
SAP_SESAP Financial Service Claims ManagementS4CEXT 107affected
SAP_SESAP Financial Service Claims Management108affected
SAP_SESAP Financial Service Claims Management109affected

Weaknesses

  • CWE-204: CWE-204: Observable Response Discrepancy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References