CVE-2025-42954
2.7
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Summary
SAP NetWeaver Business Warehouse CCAW application allows a privileged attacker to cause a high CPU load by executing a RFC enabled function modules without any input parameters, which results in reduced performance or interrupted operation of the affected resource. This leads to low impact on availability of the application, there is no impact on confidentiality and integrity.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP NetWeaver Business Warehouse (CCAW application) | DW4CORE 100 | affected |
| SAP_SE | SAP NetWeaver Business Warehouse (CCAW application) | 200 | affected |
| SAP_SE | SAP NetWeaver Business Warehouse (CCAW application) | 300 | affected |
| SAP_SE | SAP NetWeaver Business Warehouse (CCAW application) | 400 | affected |
| SAP_SE | SAP NetWeaver Business Warehouse (CCAW application) | SAP_BW 700 | affected |
| SAP_SE | SAP NetWeaver Business Warehouse (CCAW application) | 701 | affected |
| SAP_SE | SAP NetWeaver Business Warehouse (CCAW application) | 702 | affected |
| SAP_SE | SAP NetWeaver Business Warehouse (CCAW application) | 731 | affected |
| SAP_SE | SAP NetWeaver Business Warehouse (CCAW application) | 740 | affected |
| SAP_SE | SAP NetWeaver Business Warehouse (CCAW application) | 750 | affected |
| SAP_SE | SAP NetWeaver Business Warehouse (CCAW application) | 751 | affected |
| SAP_SE | SAP NetWeaver Business Warehouse (CCAW application) | 752 | affected |
| SAP_SE | SAP NetWeaver Business Warehouse (CCAW application) | 753 | affected |
| SAP_SE | SAP NetWeaver Business Warehouse (CCAW application) | 754 | affected |
| SAP_SE | SAP NetWeaver Business Warehouse (CCAW application) | 755 | affected |
| SAP_SE | SAP NetWeaver Business Warehouse (CCAW application) | 756 | affected |
| SAP_SE | SAP NetWeaver Business Warehouse (CCAW application) | 757 | affected |
| SAP_SE | SAP NetWeaver Business Warehouse (CCAW application) | 758 | affected |
| SAP_SE | SAP NetWeaver Business Warehouse (CCAW application) | 816 | affected |
| SAP_SE | SAP NetWeaver Business Warehouse (CCAW application) | SAP_BW_VIRTUAL_COMP 701 | affected |
Weaknesses
- CWE-835: CWE-835: Loop with Unreachable Exit Condition
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.