CVE-2025-42982

Summary

SAP GRC allows a non-administrative user to access and initiate transaction which could allow them to modify or control the transmitted system credentials. This causes high impact on confidentiality, integrity and availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP GRC (AC Plugin)GRCPINW V1100_700affected
SAP_SESAP GRC (AC Plugin)V1100_731affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References