CVE-2025-26657

SAP KMC WPC allows an unauthenticated attacker to remotely retrieve usernames by a simple parameter query which could expose sensitive information causing low impact on confidentiality of the application. This has no effect on integrity and availability.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3568307
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

08 Apr 2025, 18:13

Type	Values Removed	Values Added
Summary		(es) SAP KMC WPC permite que un atacante no autenticado obtenga nombres de usuario de forma remota mediante una simple consulta de parámetros, lo que podría exponer información confidencial, con un impacto mínimo en la confidencialidad de la aplicación. Esto no afecta la integridad ni la disponibilidad.

08 Apr 2025, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-08 08:15

Updated : 2025-04-08 18:13

NVD link : CVE-2025-26657

Mitre link : CVE-2025-26657

CVE.ORG link : CVE-2025-26657

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

5.3 /10