CVE-2025-43006

SAP Supplier Relationship Management (Master Data Management Catalogue) allows an unauthenticated attacker to execute malicious scripts in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://me.sap.com/notes/3588455
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

13 May 2025, 19:35

Type	Values Removed	Values Added
Summary		(es) SAP Supplier Relationship Management (Master Data Management Catalogue) permite que un atacante no autenticado ejecute scripts maliciosos en la aplicación, lo que podría provocar una vulnerabilidad de Cross-Site Scripting (XSS). Esto no afecta la disponibilidad de la aplicación, pero puede tener un impacto leve en su confidencialidad e integridad.

13 May 2025, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-13 01:15

Updated : 2025-05-13 19:35

NVD link : CVE-2025-43006

Mitre link : CVE-2025-43006

CVE.ORG link : CVE-2025-43006

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2025-43006", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-05-13T01:15:49.313", "references": [{"url": "https://me.sap.com/notes/3588455", "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "SAP Supplier Relationship Management (Master Data Management Catalogue) allows an unauthenticated attacker to execute malicious scripts in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity."}, {"lang": "es", "value": "SAP Supplier Relationship Management (Master Data Management Catalogue) permite que un atacante no autenticado ejecute scripts maliciosos en la aplicaci\u00f3n, lo que podr\u00eda provocar una vulnerabilidad de Cross-Site Scripting (XSS). Esto no afecta la disponibilidad de la aplicaci\u00f3n, pero puede tener un impacto leve en su confidencialidad e integridad."}], "lastModified": "2025-05-13T19:35:18.080", "sourceIdentifier": "cna@sap.com"}

6.1 /10