CVE-2025-27437

A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. Because of this, an attacker authenticated as a non-administrative user can initiate a transaction, allowing them to access but not modify non-sensitive data without further authorization and with no effect on availability.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3568778
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

08 Apr 2025, 18:13

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de falta de comprobación de autorización en la interfaz del escáner de virus de SAP NetWeaver Application Server ABAP. Debido a esto, un atacante autenticado como usuario no administrativo puede iniciar una transacción, lo que le permite acceder, pero no modificar, datos no sensibles sin autorización adicional y sin afectar la disponibilidad.

08 Apr 2025, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-08 08:15

Updated : 2025-04-08 18:13

NVD link : CVE-2025-27437

Mitre link : CVE-2025-27437

CVE.ORG link : CVE-2025-27437

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

4.3 /10