CVE-2025-42960

Summary

SAP Business Warehouse and SAP BW/4HANA BEx Tools allow an authenticated attacker to gain higher access levels than intended by exploiting improper authorization checks. This could potentially impact data integrity by allowing deletion of user table entries.�It has no impact on the confidentiality and availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Business Warehouse and SAP BW/4HANA BEx ToolsDW4CORE 100affected
SAP_SESAP Business Warehouse and SAP BW/4HANA BEx Tools200affected
SAP_SESAP Business Warehouse and SAP BW/4HANA BEx Tools300affected
SAP_SESAP Business Warehouse and SAP BW/4HANA BEx Tools400affected
SAP_SESAP Business Warehouse and SAP BW/4HANA BEx ToolsSAP_BW 700affected
SAP_SESAP Business Warehouse and SAP BW/4HANA BEx Tools701affected
SAP_SESAP Business Warehouse and SAP BW/4HANA BEx Tools702affected
SAP_SESAP Business Warehouse and SAP BW/4HANA BEx Tools731affected
SAP_SESAP Business Warehouse and SAP BW/4HANA BEx Tools740affected
SAP_SESAP Business Warehouse and SAP BW/4HANA BEx Tools750affected
SAP_SESAP Business Warehouse and SAP BW/4HANA BEx Tools751affected
SAP_SESAP Business Warehouse and SAP BW/4HANA BEx Tools752affected
SAP_SESAP Business Warehouse and SAP BW/4HANA BEx Tools753affected
SAP_SESAP Business Warehouse and SAP BW/4HANA BEx Tools754affected
SAP_SESAP Business Warehouse and SAP BW/4HANA BEx Tools755affected
SAP_SESAP Business Warehouse and SAP BW/4HANA BEx Tools756affected
SAP_SESAP Business Warehouse and SAP BW/4HANA BEx Tools757affected
SAP_SESAP Business Warehouse and SAP BW/4HANA BEx Tools758affected
SAP_SESAP Business Warehouse and SAP BW/4HANA BEx Tools816affected
SAP_SESAP Business Warehouse and SAP BW/4HANA BEx ToolsSAP_BW_VIRTUAL_COMP 701affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References