CVE-2025-42960

{"id": "CVE-2025-42960", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-07-08T01:15:22.633", "references": [{"url": "https://me.sap.com/notes/3608991", "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "SAP Business Warehouse and SAP BW/4HANA BEx Tools allow an authenticated attacker to gain higher access levels than intended by exploiting improper authorization checks. This could potentially impact data integrity by allowing deletion of user table entries.\ufffdIt has no impact on the confidentiality and availability of the application."}, {"lang": "es", "value": "SAP Business Warehouse y SAP BW/4HANA BEx Tools permiten a un atacante autenticado obtener niveles de acceso superiores a los previstos al explotar comprobaciones de autorizaci\u00f3n incorrectas. Esto podr\u00eda afectar la integridad de los datos al permitir la eliminaci\u00f3n de entradas de la tabla de usuarios. No afecta la confidencialidad ni la disponibilidad de la aplicaci\u00f3n."}], "lastModified": "2025-07-08T16:18:14.207", "sourceIdentifier": "cna@sap.com"}