HIGH✓ PATCH🇬🇧 English

CVE-2025-0063

CVSS 8.8v3.1pub. 2025-01-14upd. 2025-10-24

SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. This could lead to an attacker with basic user privileges to gain control over the data in Informix database, leading to complete compromise of confidentiality, integrity and availability.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Sap Basis

    APP
    Sap
    700701702731740750751752753754755756757758
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2025-0066CRITICAL9.9PL ✓ten sam produkt

SAP NetWeaver AS ABAP – nieautoryzowany dostęp do danych przez słabą kontrolę dostępu

CVE-2026-23687HIGH8.8ten sam produkt

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privilege...

CVE-2016-4551HIGH7.5ten sam produkt

The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote atta...

CVE-2026-0484MEDIUM6.5ten sam produkt

Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated ...

CVE-2026-24312MEDIUM5.2ten sam produkt

An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated admi...