CVE-2025-42956
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, injected input data will be used by the web site page generation to create content which when executed in the victim's browser leading to low impact on Confidentiality and Integrity with no effect on Availability of the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP NetWeaver Application Server ABAP | SAP_BASIS 700 | affected |
| SAP SE | SAP NetWeaver Application Server ABAP | SAP_BASIS 701 | affected |
| SAP SE | SAP NetWeaver Application Server ABAP | SAP_BASIS 702 | affected |
| SAP SE | SAP NetWeaver Application Server ABAP | SAP_BASIS 731 | affected |
| SAP SE | SAP NetWeaver Application Server ABAP | SAP_BASIS 740 | affected |
| SAP SE | SAP NetWeaver Application Server ABAP | SAP_BASIS 750 | affected |
| SAP SE | SAP NetWeaver Application Server ABAP | SAP_BASIS 751 | affected |
| SAP SE | SAP NetWeaver Application Server ABAP | SAP_BASIS 752 | affected |
| SAP SE | SAP NetWeaver Application Server ABAP | SAP_BASIS 753 | affected |
| SAP SE | SAP NetWeaver Application Server ABAP | SAP_BASIS 754 | affected |
| SAP SE | SAP NetWeaver Application Server ABAP | SAP_BASIS 755 | affected |
| SAP SE | SAP NetWeaver Application Server ABAP | SAP_BASIS 756 | affected |
| SAP SE | SAP NetWeaver Application Server ABAP | SAP_BASIS 757 | affected |
| SAP SE | SAP NetWeaver Application Server ABAP | SAP_BASIS 758 | affected |
| SAP SE | SAP NetWeaver Application Server ABAP | SAP_BASIS 816 | affected |
Weaknesses
- CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.