CVE-2025-42949
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Due to a missing authorization check in the ABAP Platform, an authenticated user with elevated privileges could bypass authorization restrictions for common transactions by leveraging the SQL Console. This could enable an attacker to access and read the contents of database tables without proper authorization, leading to a significant compromise of data confidentiality. However, the integrity and availability of the system remain unaffected.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | ABAP Platform | SAP_BASIS 758 | affected |
| SAP_SE | ABAP Platform | SAP_BASIS 816 | affected |
| SAP_SE | ABAP Platform | SAP_BASIS 916 | affected |
Weaknesses
- CWE-862: CWE-862: Missing Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.