5 matches found
CVE-2025-42890 Insecure key & Secret Management vulnerability in SQL Anywhere Monitor (Non-Gui)
SQL Anywhere Monitor Non-GUI baked credentials into the code,exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution.This could cause high impact on confidentiality integrity and availability of the system...
CVE-2025-42890 Insecure key & Secret Management vulnerability in SQL Anywhere Monitor (Non-Gui)
SQL Anywhere Monitor Non-GUI baked credentials into the code,exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution.This could cause high impact on confidentiality integrity and availability of the system...
CVE-2025-42890
SAP SQL Anywhere Monitor (Non-GUI) contains hard-coded credentials in its code, affecting version 17.0 and earlier (prior to SAP Note 3666261). This creates risk of unauthorized access and potential arbitrary code execution. Remediation: apply SAP Note 3666261 and rotate related credentials. As a...
CVE-2025-42979 Insecure Key & Secret Management vulnerability in SAP GUI for Windows
The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on the client PC. This leads to a high impact on confidentiality because any attacker who gains access to the user hive o...
CVE-2025-24870 Insecure Key & Secret Management vulnerability in SAP GUI for Windows
SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resulting in privilege escalation. On successful exploitation, this could result in disclosure of highly sensitive...