CVE-2025-42882
published 2025-11-11CVE-2025-42882: Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with basic privileges could execute a specific function module in ABAP to retrieve restricted technical information from the system. This disclosure of environment details of the system could further assist this attacker to plan subsequent attacks. As a result, this vulnerability has a low impact on confidentiality, with no impact on the integrity or availability of the application.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap_se | sap_netweaver_application_server_for_abap | — | — |
| sap_se | sap_netweaver_application_server_for_abap | — | — |
| sap_se | sap_netweaver_application_server_for_abap | — | — |
| sap_se | sap_netweaver_application_server_for_abap | — | — |
| sap_se | sap_netweaver_application_server_for_abap | — | — |
| sap_se | sap_netweaver_application_server_for_abap | — | — |
| sap_se | sap_netweaver_application_server_for_abap | — | — |
| sap_se | sap_netweaver_application_server_for_abap | — | — |
| sap_se | sap_netweaver_application_server_for_abap | — | — |
| sap_se | sap_netweaver_application_server_for_abap | — | — |
| sap_se | sap_netweaver_application_server_for_abap | — | — |
| sap_se | sap_netweaver_application_server_for_abap | — | — |
| sap_se | sap_netweaver_application_server_for_abap | — | — |
| sap_se | sap_netweaver_application_server_for_abap | — | — |
| sap_se | sap_netweaver_application_server_for_abap | — | — |