CVE-2025-42998

Summary

The security settings in the SAP Business One Integration Framework are not adequately checked, allowing attackers to bypass the 403 Forbidden error and access restricted pages. This leads to low impact on confidentiality of the application, there is no impact on integrity and availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Business One Integration FrameworkB1_ON_HANA 10.0affected
SAP_SESAP Business One Integration FrameworkSAP-M-BO 10.0affected

Weaknesses

  • CWE-346: CWE-346: Origin Validation Error

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References