CVE-2025-42955
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-12
Last updated on: 2025-08-12
Assigner: SAP SE
Description
Description
Due to a missing authorization check in SAP Cloud Connector, an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible for testing LDAP connections. A successful exploit could lead to reduced performance, hence a low-impact on availability of the service. Confidentiality and integrity of the data are not affected.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | cloud_connector | 3.1 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is due to a missing authorization check in SAP Cloud Connector. An attacker with low privileges on an adjacent network can send a specially crafted request to the endpoint that tests LDAP connections. Exploiting this flaw could reduce the performance of the service.
How can this vulnerability impact me? :
The vulnerability can lead to reduced performance of the SAP Cloud Connector service, impacting its availability. However, it does not affect the confidentiality or integrity of data.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70