CVE-2025-42882
BaseFortify
Publication date: 2025-11-11
Last updated on: 2025-11-12
Assigner: SAP SE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | netweaver_application_server | 3.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is caused by a missing authorization check in SAP NetWeaver Application Server for ABAP. It allows an authenticated attacker with basic privileges to execute a specific function module in ABAP that retrieves restricted technical information about the system. This information disclosure can help the attacker plan further attacks.
How can this vulnerability impact me? :
The vulnerability can lead to the disclosure of restricted technical information about the system environment. While it has a low impact on confidentiality and no impact on integrity or availability, the exposed information could assist attackers in planning subsequent attacks against the system.