CVE-2025-0068 — Missing Authorization in SE SAP Netweaver Application Server Abap

CWE-862 — Missing Authorization3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 70.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Netweaver Application Server Abap

Timeline

PublishedJan 14

Description

An obsolete functionality in SAP NetWeaver Application Server ABAP did not perform necessary authorization checks. Because of this, an authenticated attacker could obtain information that would otherwise be restricted. It has no impact on integrity or availability on the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5sap_se/sap_netweaver_application_server_abap14 versions+13

🔴Vulnerability Details

GHSA

GHSA-9mqg-4jv7-4m83: An obsolete functionality in SAP NetWeaver Application Server ABAP did not perform necessary authorization checks↗2025-01-14

▶

CVEList

Missing Authorization check in Remote Function Call (RFC) in SAP NetWeaver Application Server ABAP↗2025-01-14

▶