
exploitDog

GHSA-6xr2-ww2p-m9pg

Published: 11 Mar 2025
Source: github
Github: Not reviewed
CVSS3: 4.3

Description

SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls within the application, enabling them to potentially modify data. Confidentiality and Availability are not impacted.

EPSS

Percentile: 29%
0.00105
Low

4.3 Medium

CVSS3

Weaknesses

CWE-639

Related vulnerabilities

CVSS3: 4.3
nvd
11 months ago

SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls within the application, enabling them to potentially modify data. Confidentiality and Availability are not impacted.

CVSS3: 4.3
fstec
11 months ago

A vulnerability in the SAP Fiori business application design platform, related to authorization bypass through a user-controlled key, which allows an attacker to bypass existing security restrictions
