CVE-2025-42929

Summary

Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Landscape Transformation Replication ServerDMIS 2011_1_620affected
SAP_SESAP Landscape Transformation Replication Server2011_1_640affected
SAP_SESAP Landscape Transformation Replication Server2011_1_700affected
SAP_SESAP Landscape Transformation Replication Server2011_1_710affected
SAP_SESAP Landscape Transformation Replication Server2011_1_730affected
SAP_SESAP Landscape Transformation Replication Server2011_1_731affected
SAP_SESAP Landscape Transformation Replication Server2011_1_752affected
SAP_SESAP Landscape Transformation Replication Server2020affected

Weaknesses

  • CWE-1287: CWE-1287: Improper Validation of Specified Type of Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References