Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on integrity or availability of the application.
References
Configurations
No configuration.
History
08 Jul 2025, 16:18
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
08 Jul 2025, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-07-08 01:15
Updated : 2025-07-08 16:18
NVD link : CVE-2025-42986
Mitre link : CVE-2025-42986
CVE.ORG link : CVE-2025-42986
JSON object : View
Products Affected
No product.
CWE
CWE-862
Missing Authorization