CVE-2025-26657 | THREATINT

Description

SAP KMC WPC allows an unauthenticated attacker to remotely retrieve usernames by a simple parameter query which could expose sensitive information causing low impact on confidentiality of the application. This has no effect on integrity and availability.

PUBLISHED Reserved 2025-02-12 | Published 2025-04-08 | Updated 2025-04-08 | Assigner sap

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-862: Missing Authorization

Product status

Default status

unaffected

KMC-WPC 7.50

affected

References

me.sap.com/notes/3568307

url.sap/sapsecuritypatchday

cve.org (CVE-2025-26657)

nvd.nist.gov (CVE-2025-26657)

Download JSON