CVE-2025-42952
BaseFortify
Publication date: 2025-07-08
Last updated on: 2025-07-08
Assigner: SAP SE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | business_warehouse | * |
| sap | plug-in_basis | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to add fields to arbitrary SAP database tables and/or structures. By doing so, the attacker can cause the system to become unusable, for example by triggering short dumps on login.
How can this vulnerability impact me? :
The vulnerability can impact you by causing a high impact on system availability. Specifically, an attacker can render the system unusable, which may disrupt business operations. However, data confidentiality and integrity are not affected, meaning no data can be read, changed, or deleted.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability does not affect data confidentiality or integrity, so it does not directly impact compliance with standards focused on data protection such as GDPR or HIPAA. However, the high impact on system availability could affect compliance if availability is a requirement under those regulations.