CVE-2025-42933Insufficiently Protected Credentials in SE SAP Business ONE

CWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.0%
top 87.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Business ONE
Timeline
PublishedSep 9

Description

When a user logs in via SAP Business One native client, the SLD backend service fails to enforce proper encryption of certain APIs. This leads to exposure of sensitive credentials within http response body. As a result, it has a high impact on the confidentiality, integrity, and availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

CVEListV5sap_se/sap_business_oneB1_ON_HANA 10.0, SAP-M-BO 10.0+1

🔴Vulnerability Details

2
GHSA
GHSA-32mj-px89-qw66: When a user logs in via SAP Business One native client, the SLD backend service fails to enforce proper encryption of certain APIs2025-09-09
CVEList
Insecure Storage of Sensitive Information in SAP Business One (SLD)2025-09-09
CVE-2025-42933 — Insufficiently Protected Credentials | cvebase