Description

Due to a directory traversal vulnerability, an authorized attacker could gain access to some critical information by using an RFC-enabled function module. Upon successful exploitation, they could read files from any managed system connected to SAP Solution Manager, leading to a high impact on confidentiality. There is no impact on integrity or availability.

PUBLISHED | Reserved 2025-02-25 | Published 2025-04-08 | Updated 2025-04-08 | Assigner sap




HIGH: 7.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Problem types

CWE-862: Missing Authorization

Product status

Default status: unaffected

ST-PI 2008_1_700: affected

2008_1_710: affected

740: affected

References

me.sap.com/notes/3581811

url.sap/sapsecuritypatchday

cve.org (CVE-2025-27428)

nvd.nist.gov (CVE-2025-27428)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.