CVE-2025-42988

CWE-918Server-Side Request Forgery (SSRF)3 documents3 sources
Severity
5.3MEDIUM
EPSS
0.2%
top 62.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Business Objects Business Intelligence PlatformSAP Businessobjects Business Intelligence Platform
Timeline
PublishedJun 10

Description

Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. This disclosure of information could further enable the researcher to cause SSRF. It has no impact on integrity and availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

CVEListV5sap_se/sap_business_objects_business_intelligence_platform2025, 2027, ENTERPRISE 430+2

Patches

Patch: url.sap

🔴Vulnerability Details

2
GHSA
GHSA-5p5j-jvxx-4r3v: Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the in2025-06-10
CVEList
Server-Side Request Forgery in SAP Business Objects Business Intelligence Platform2025-06-10
CVE-2025-42988 (MEDIUM CVSS 5.3) | Under certain conditions | cvebase.io