Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-42894

Опубликовано: 11 нояб. 2025
Источник: nvd
CVSS3: 6.8
EPSS Низкий

Описание

Due to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an administrator with adjacent access could read, write, overwrite, and delete arbitrary files on the host system. Successful exploitation could enable the attacker to execute arbitrary operating system commands on the server, resulting in a complete compromise of the confidentiality, integrity, and availability of the affected system.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:sap:business_connector:4.8:*:*:*:*:*:*:*

EPSS

Процентиль: 30%
0.00114
Низкий

6.8 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

github логотип

GHSA-p996-cqr5-xw36

CVSS3: 6.8
github
3 месяца назад

Due to a Path Traversal vulnerability in SAP Business Connector, an attacker authenticated as an administrator with adjacent access could read, write, overwrite, and delete arbitrary files on the host system. Successful exploitation could enable the attacker to execute arbitrary operating system commands on the server, resulting in a complete compromise of the confidentiality, integrity, and availability of the affected system.

fstec логотип

BDU:2025-14449

CVSS3: 6.8
fstec
3 месяца назад

Уязвимость приложения для автоматизации бизнес-процессов и обработки данных SAP Business Connector (SAP BC), связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю получить доступ на чтение, изменение или удаление данных

EPSS

Процентиль: 30%
0.00114
Низкий

6.8 Medium

CVSS3

Дефекты

CWE-22