{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-42960","assignerOrgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","state":"PUBLISHED","assignerShortName":"sap","dateReserved":"2025-04-16T13:25:39.584Z","datePublished":"2025-07-08T00:35:16.492Z","dateUpdated":"2025-07-08T16:14:19.362Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"SAP Business Warehouse and SAP BW/4HANA BEx Tools","vendor":"SAP_SE","versions":[{"status":"affected","version":"DW4CORE 100"},{"status":"affected","version":"200"},{"status":"affected","version":"300"},{"status":"affected","version":"400"},{"status":"affected","version":"SAP_BW 700"},{"status":"affected","version":"701"},{"status":"affected","version":"702"},{"status":"affected","version":"731"},{"status":"affected","version":"740"},{"status":"affected","version":"750"},{"status":"affected","version":"751"},{"status":"affected","version":"752"},{"status":"affected","version":"753"},{"status":"affected","version":"754"},{"status":"affected","version":"755"},{"status":"affected","version":"756"},{"status":"affected","version":"757"},{"status":"affected","version":"758"},{"status":"affected","version":"816"},{"status":"affected","version":"SAP_BW_VIRTUAL_COMP 701"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>SAP Business Warehouse and SAP BW/4HANA BEx Tools allow an authenticated attacker to gain higher access levels than intended by exploiting improper authorization checks. This could potentially impact data integrity by allowing deletion of user table entries.�It has no impact on the confidentiality and availability of the application.</p>"}],"value":"SAP Business Warehouse and SAP BW/4HANA BEx Tools allow an authenticated attacker to gain higher access levels than intended by exploiting improper authorization checks. This could potentially impact data integrity by allowing deletion of user table entries.�It has no impact on the confidentiality and availability of the application."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-862","description":"CWE-862: Missing Authorization","lang":"eng","type":"CWE"}]}],"providerMetadata":{"orgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","shortName":"sap","dateUpdated":"2025-07-08T00:35:16.492Z"},"references":[{"url":"https://me.sap.com/notes/3608991"},{"url":"https://url.sap/sapsecuritypatchday"}],"source":{"discovery":"UNKNOWN"},"title":"Missing Authorization Check in SAP Business Warehouse and SAP BW/4HANA BEx Tools","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-07-08T14:30:56.939939Z","id":"CVE-2025-42960","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-08T16:14:19.362Z"}}]}}