exploitDog

GHSA-mjjf-m9pr-358v

Опубликовано: 08 июл. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 4.3

Описание

Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on integrity or availability of the application.

Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on integrity or availability of the application.

Ссылки

EPSS

Процентиль: 11%

0.00036

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-862

Связанные уязвимости

CVE-2025-42986

CVSS3: 4.3

nvd

7 месяцев назад

Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing restricted system information. This results in low impact on confidentiality, with no impact on integrity or availability of the application.

BDU:2025-10640

CVSS3: 4.3

fstec

7 месяцев назад

Уязвимость программных интеграционных платформ SAP NetWeaver и ABAP Platform, связанная с отсутствием авторизации, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации

EPSS

Процентиль: 11%

0.00036

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-862