← Zuruck zu CVEs
CVE-2025-42956
MEDIUM6.1
Beschreibung
SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, injected input data will be used by the web site page generation to create content which when executed in the victim's browser leading to low impact on Confidentiality and Integrity with no effect on Availability of the application.
CVE Details
CVSS v3.1 Bewertung6.1
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionREQUIRED
Veroffentlicht7/8/2025
Zuletzt geandert10/27/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
sap:sap_basis
Schwachen (CWE)
CWE-79
Referenzen
https://me.sap.com/notes/3617131(cna@sap.com)
https://url.sap/sapsecuritypatchday(cna@sap.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.