CVE-2025-42947
5.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L
Summary
SAP FICA ODN framework allows a high privileged user to inject value inside the local variable which can then be executed by the application. An attacker could thereby control the behaviour of the application causing high impact on integrity, low impact on availability and no impact on confidentiality of the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP FICA ODN framework | SAPSCORE 132 | affected |
| SAP_SE | SAP FICA ODN framework | S4CORE 102 | affected |
| SAP_SE | SAP FICA ODN framework | 103 | affected |
| SAP_SE | SAP FICA ODN framework | 104 | affected |
| SAP_SE | SAP FICA ODN framework | 105 | affected |
| SAP_SE | SAP FICA ODN framework | 106 | affected |
| SAP_SE | SAP FICA ODN framework | 107 | affected |
| SAP_SE | SAP FICA ODN framework | 108 | affected |
| SAP_SE | SAP FICA ODN framework | FI-CA 606 | affected |
| SAP_SE | SAP FICA ODN framework | 616 | affected |
| SAP_SE | SAP FICA ODN framework | 617 | affected |
| SAP_SE | SAP FICA ODN framework | 618 | affected |
Weaknesses
- CWE-94: CWE-94: Improper Control of Generation of Code
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.