CVE-2025-42976
BaseFortify
Publication date: 2025-08-12
Last updated on: 2025-08-12
Assigner: SAP SE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | netweaver_application_server_abap | 3.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in SAP NetWeaver Application Server ABAP (BIC Document) allows an authenticated attacker to craft a specially designed request that can cause a memory corruption error. Exploiting this can crash the target component, potentially making it completely unavailable after multiple attempts. Additionally, a similar crafted request can perform an out-of-bounds read operation, which may reveal sensitive information loaded in memory at the time. However, the attacker cannot modify any information.
How can this vulnerability impact me? :
The vulnerability can impact you by causing the targeted SAP component to crash and become unavailable, leading to denial of service. It can also expose sensitive information through out-of-bounds memory reads, which could lead to information disclosure. There is no risk of data modification, but the availability and confidentiality of data could be affected.