{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-0058","assignerOrgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","state":"PUBLISHED","assignerShortName":"sap","dateReserved":"2024-12-05T21:38:15.279Z","datePublished":"2025-01-14T00:08:59.323Z","dateUpdated":"2025-01-14T15:00:38.824Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"SAP Business Workflow and SAP Flexible Workflow","vendor":"SAP_SE","versions":[{"status":"affected","version":"SAP_BASIS 753"},{"status":"affected","version":"SAP_BASIS 754"},{"status":"affected","version":"SAP_BASIS 755"},{"status":"affected","version":"SAP_BASIS 756"},{"status":"affected","version":"SAP_BASIS 757"},{"status":"affected","version":"SAP_BASIS 758"},{"status":"affected","version":"SAP_BASIS 912"},{"status":"affected","version":"SAP_BASIS 913"},{"status":"affected","version":"SAP_BASIS 914"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the information unavailable.</p>"}],"value":"In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the information unavailable."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-639","description":"CWE-639: Authorization Bypass Through User-Controlled Key","lang":"eng","type":"CWE"}]}],"providerMetadata":{"orgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","shortName":"sap","dateUpdated":"2025-01-14T00:08:59.323Z"},"references":[{"url":"https://me.sap.com/notes/3542698"},{"url":"https://url.sap/sapsecuritypatchday"}],"source":{"discovery":"UNKNOWN"},"title":"Information Disclosure vulnerability in SAP Business Workflow and SAP Flexible Workflow","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-01-14T15:00:27.919691Z","id":"CVE-2025-0058","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-14T15:00:38.824Z"}}]}}