8.8

CVSS3.1

CVE-2025-42933 - Insecure Storage of Sensitive Information in SAP Business One (SLD)

When a user logs in via the SAP Business One native client, the SLD backend service fails to enforce proper encryption of certain APIs. This leads to exposure of sensitive credentials within the HTTP response body. As a result, it has a high impact on the confidentiality, integrity, and availability of the…

📅 Published: Sept. 9, 2025, 2:11 a.m. 🔄 Last Modified: Feb. 26, 2026, 5:49 p.m.

6.5

CVSS3.1

CVE-2025-42930 - Denial of Service (DoS) vulnerability in SAP Business Planning and Consolidation

SAP Business Planning and Consolidation allows an authenticated standard user to call a function module by crafting specific parameters that cause a loop, consuming excessive resources and resulting in system unavailability. This leads to high impact on the availability of the application, there i…

📅 Published: Sept. 9, 2025, 2:11 a.m. 🔄 Last Modified: Sept. 9, 2025, 9:31 p.m.

8.1

CVSS3.1

CVE-2025-42929 - Missing input validation vulnerability in SAP Landscape Transformation Replication Server

Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database.

📅 Published: Sept. 9, 2025, 2:10 a.m. 🔄 Last Modified: Sept. 9, 2025, 9:31 p.m.

3.4

CVSS3.1

CVE-2025-42927 - Information Disclosure due to Outdated OpenSSL Version in SAP NetWeaver AS Java (Adobe Document Ser…

The SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL. Successful exploitation of known vulnerabilities in the outdated OpenSSL library would allow a user with high system privileges to access and modify system information. This vulnerability has …

📅 Published: Sept. 9, 2025, 2:10 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS3.1

CVE-2025-42926 - Missing Authentication check in SAP NetWeaver Application Server Java

SAP NetWeaver Application Server Java does not perform an authentication check when an attacker attempts to access internal files within the web application. Upon successful exploitation, an unauthenticated attacker could access these files to gather additional sensitive information about the syst…

📅 Published: Sept. 9, 2025, 2:10 a.m. 🔄 Last Modified: Oct. 23, 2025, 12:43 p.m.

4.3

CVSS3.1

CVE-2025-42925 - Predictable Object Identifier vulnerability in SAP NetWeaver AS Java (IIOP Service)

Due to the lack of randomness in assigning Object Identifiers in the SAP NetWeaver AS JAVA IIOP service, an authenticated attacker with low privileges could predict the identifiers by conducting a brute force search. By leveraging knowledge of several identifiers generated close to the same time, t…

📅 Published: Sept. 9, 2025, 2:09 a.m. 🔄 Last Modified: Sept. 9, 2025, 9:31 p.m.

4.3

CVSS3.1

CVE-2025-42923 - Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (F4044 Manage Work Center Groups)

Due to insufficient CSRF protection in SAP Fiori App Manage Work Center Groups, an authenticated user could be tricked by an attacker into sending an unintended request to the web server. This has low impact on integrity and no impact on confidentiality and availability of the application.

📅 Published: Sept. 9, 2025, 2:09 a.m. 🔄 Last Modified: Sept. 9, 2025, 9:31 p.m.

9.9

CVSS3.1

CVE-2025-42922 - Insecure File Operations vulnerability in SAP NetWeaver AS Java (Deploy Web Service)

SAP NetWeaver AS Java allows an attacker authenticated as a non-administrative user to use a flaw in an available service to upload an arbitrary file. This file, when executed, can lead to a full compromise of confidentiality, integrity and availability of the system.

📅 Published: Sept. 9, 2025, 2:09 a.m. 🔄 Last Modified: Feb. 26, 2026, 5:49 p.m.

6.1

CVSS3.1

CVE-2025-42920 - Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management

Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated victim clicks on the link, the injected input is processed during the page generation, resu…

📅 Published: Sept. 9, 2025, 2:09 a.m. 🔄 Last Modified: Oct. 24, 2025, 2:50 p.m.

4.3

CVSS3.1

CVE-2025-42918 - Missing Authorization check in SAP NetWeaver Application Server for ABAP (Background Processing)

SAP NetWeaver Application Server for ABAP allows authenticated users with access to background processing to gain unauthorized read access to profile parameters. This results in a low impact on confidentiality, with no impact on integrity or availability.

📅 Published: Sept. 9, 2025, 2:09 a.m. 🔄 Last Modified: Oct. 23, 2025, 12:44 p.m.