CVE-2025-42907

Summary

SAP BI Platform allows an attacker to modify the IP address of the LogonToken for the OpenDoc. On accessing the modified link in the browser a different server could get the ping request. This has low impact on integrity with no impact on confidentiality and availability of the system.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP BI PlatformENTERPRISE 430affected
SAP_SESAP BI Platform2025affected
SAP_SESAP BI Platform2027affected

Weaknesses

  • CWE-918: CWE-918: Server-Side Request Forgery

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References