CVE-2025-42962

Summary

SAP Business Warehouse (Business Explorer Web) allows an attacker to create a malicious link. If an authenticated user clicks on this link, the injected script gets executed within the scope of victim�s browser. This potentially leads to an impact on confidentiality and integrity. Availability is not impacted.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Business Warehouse (Business Explorer Web 3.5 loading animation)DW4CORE 100affected
SAP_SESAP Business Warehouse (Business Explorer Web 3.5 loading animation)200affected
SAP_SESAP Business Warehouse (Business Explorer Web 3.5 loading animation)300affected
SAP_SESAP Business Warehouse (Business Explorer Web 3.5 loading animation)400affected
SAP_SESAP Business Warehouse (Business Explorer Web 3.5 loading animation)916affected
SAP_SESAP Business Warehouse (Business Explorer Web 3.5 loading animation)SAP_BW 730affected
SAP_SESAP Business Warehouse (Business Explorer Web 3.5 loading animation)731affected
SAP_SESAP Business Warehouse (Business Explorer Web 3.5 loading animation)740affected
SAP_SESAP Business Warehouse (Business Explorer Web 3.5 loading animation)750affected
SAP_SESAP Business Warehouse (Business Explorer Web 3.5 loading animation)751affected
SAP_SESAP Business Warehouse (Business Explorer Web 3.5 loading animation)752affected
SAP_SESAP Business Warehouse (Business Explorer Web 3.5 loading animation)753affected
SAP_SESAP Business Warehouse (Business Explorer Web 3.5 loading animation)754affected
SAP_SESAP Business Warehouse (Business Explorer Web 3.5 loading animation)756affected
SAP_SESAP Business Warehouse (Business Explorer Web 3.5 loading animation)757affected
SAP_SESAP Business Warehouse (Business Explorer Web 3.5 loading animation)758affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References