CVE-2025-42942

{"id": "CVE-2025-42942", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-08-12T03:15:26.810", "references": [{"url": "https://me.sap.com/notes/3597355", "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "SAP NetWeaver Application Server for ABAP has cross-site scripting vulnerability. Due to this, an unauthenticated attacker could craft a URL embedded with malicious script and trick an unauthenticated victim to click on it to execute the script. Upon successful exploitation, the attacker could access and modify limited information within the scope of victim's browser. This vulnerability has no impact on availability of the application."}, {"lang": "es", "value": "SAP NetWeaver Application Server para ABAP presenta una vulnerabilidad de cross-site scripting. Debido a esto, un atacante no autenticado podr\u00eda manipular una URL con un script malicioso incrustado y enga\u00f1ar a una v\u00edctima no autenticada para que haga clic en ella y ejecute el script. Tras explotarla con \u00e9xito, el atacante podr\u00eda acceder y modificar informaci\u00f3n limitada dentro del alcance del navegador de la v\u00edctima. Esta vulnerabilidad no afecta la disponibilidad de la aplicaci\u00f3n."}], "lastModified": "2025-08-12T14:25:33.177", "sourceIdentifier": "cna@sap.com"}