CVE-2025-42946
BaseFortify
Publication date: 2025-08-12
Last updated on: 2025-08-12
Assigner: SAP SE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | sap_s/4hana | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a directory traversal flaw in SAP S/4HANA's Bank Communication Management module. An attacker who already has high privileges and access to a specific transaction and method within this module can exploit the flaw to gain unauthorized access to sensitive operating system files. This means the attacker could read or delete these files without proper authorization.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized access to sensitive operating system files, potentially allowing an attacker to read confidential information or delete important files. This results in a high impact on confidentiality and a low impact on integrity of the system. However, there is no impact on the availability of the system.