36977 matches found
CVE-2025-42941
SAP Fiori Launchpad is vulnerable to Reverse Tabnabbing due to inadequate external navigation protections for its link elements. An attacker with administrative user privileges could exploit this by leveraging compromised or malicious pages. While administrative access is necessary...
CVE-2025-42975 Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (BIC Document)
SAP NetWeaver Application Server ABAP BIC Document allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to acces...
CVE-2025-42955
CVE-2025-42955 involves a missing authorization check in SAP Cloud Connector. An attacker on an adjacent network with low privileges can send a crafted request to the LDAP testing endpoint, potentially causing degraded service availability (low impact). Confidentiality and integrity are not affec...
CVE-2025-42955 Missing authorization check in SAP Cloud Connector
Due to a missing authorization check in SAP Cloud Connector, an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible for testing LDAP connections. A successful exploit could lead to reduced performance, hence a low impact on availability of...
CVE-2025-42949
CVE-2025-42949: A missing authorization check in the ABAP Platform could allow an authenticated user with elevated privileges to bypass authorization for common transactions via the SQL Console and read database table contents, exposing data confidentiality. The impact is limited to confidential...
CVE-2025-42949 Missing Authorization check in ABAP Platform
Due to a missing authorization check in the ABAP Platform, an authenticated user with elevated privileges could bypass authorization restrictions for common transactions by leveraging the SQL Console. This could enable an attacker to access and read the contents of database tables without proper...
CVE-2025-42946 Directory Traversal vulnerability in SAP S/4HANA (Bank Communication Management)
Due to a directory traversal vulnerability in SAP S/4HANA Bank Communication Management, an attacker with high privileges and access to a specific transaction and method in Bank Communication Management could gain unauthorized access to sensitive operating system files. This could allow the attacke...
CVE-2025-42946
CVE-2025-42946 is a directory traversal vulnerability in SAP S/4HANA Bank Communication Management. An attacker with high privileges and access to a specific transaction/method could read or delete sensitive operating-system files, causing high confidentiality impact and low integrity impact; ava...
CVE-2025-42945 HTML Injection vulnerability in SAP NetWeaver Application Server ABAP
SAP NetWeaver Application Server ABAP has an HTML injection vulnerability. Due to this, an attacker could craft a URL with malicious script as payload and trick a victim with an active user session into executing it. Upon successful exploit, this vulnerability could lead to limited access to data or it...
CVE-2025-42945
Summary (CVE-2025-42945): SAP NetWeaver Application Server ABAP is reported to contain an HTML injection vulnerability. An attacker can craft a URL containing a malicious script that tricks a user with an active session into executing it. According to the documents, exploitation could lead to li...
CVE-2025-42942 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server for ABAP
SAP NetWeaver Application Server for ABAP has a cross-site scripting vulnerability. Due to this, an unauthenticated attacker could craft a URL embedded with malicious script and trick an unauthenticated victim into clicking on it to execute the script. Upon successful exploitation, the attacker could...
CVE-2025-42942
CVE-2025-42942: SAP NetWeaver Application Server for ABAP contains a cross-site scripting (XSS) vulnerability. An unauthenticated attacker can craft a URL embedded with malicious script and entice a victim to click it, resulting in the attacker being able to access and modify limited information...
CVE-2025-42941 Reverse Tabnabbing vulnerability in SAP Fiori (Launchpad)
SAP Fiori Launchpad is vulnerable to Reverse Tabnabbing due to inadequate external navigation protections for its link elements. An attacker with administrative user privileges could exploit this by leveraging compromised or malicious pages. While administrative access is necessary...
CVE-2025-42941
The CVE-2025-42941 entry describes a Reverse Tabnabbing issue in SAP Fiori (Launchpad) caused by insufficient external navigation protections on links. Affected software is SAP Fiori (Launchpad); the root cause is lack of proper navigation safeguards for anchor elements. Consequences stated incl...
CVE-2025-42936 Missing Authorization check in SAP NetWeaver Application Server for ABAP
The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles. This issue allows authenticated users to access restricted objects in the barcode interface, leading to privilege escalation. This results in a low impac...
CVE-2025-42936
CVE-2025-42936 affects SAP NetWeaver Application Server for ABAP. The root cause is missing support for distinguishing authorizations across roles, allowing authenticated users to access restricted objects in the barcode interface and causing privilege escalation. Impact is described as low for c...
CVE-2025-42934
Context: CVE-2025-42934 affects SAP S/4HANA Supplier invoice. What’s vulnerable: CRLF injection in inputs that bypasses the allowlist, enabling injection of untrusted sites into the Trusted Sites configuration. Affects SAP S/4HANA Supplier invoice functionality; root cause described as LF-based i...
PT-2025-32606 · Sap · Sap Netweaver Application Server Abap
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP (affected versions not specified)
Description: SAP NetWeaver Application Server ABAP is susceptible to an HTML injection issue. An attacker can construct a URL containing a malicious script as a payload,...