CVE-2025-42897: Insufficiently Protected Credentials in SE SAP Business ONE

Severity
5.3 MEDIUM (NVD)
EPSS
0.0%
top 90.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Nov 11

Description

Due to an information disclosure vulnerability in an anonymous API provided by SAP Business One (SLD), an attacker with normal user access could gain access to unauthorized information. As a result, it has a low impact on the confidentiality of the application but no impact on integrity and availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (1 package)

CVEListV5 | sap_se/sap_business_one | B1_ON_HANA 10.0, SAP-M-BO 10.0 +1

Vulnerability Details (2)
CVEList
Information Disclosure vulnerability in SAP Business One (SLD) | 2025-11-11
GHSA
GHSA-4q9v-f5hf-6j33: Due to information disclosure vulnerability in anonymous API provided by SAP Business One (SLD), an attacker with normal user access could gain access | 2025-11-11
CVE-2025-42897 — Insufficiently Protected Credentials | cvebase