Description

SAP Cloud Appliance Library Appliances allows an attacker with high privileges to leverage an insecure S/4HANA default profile setting in an existing SAP CAL appliance to gain access to other appliances. This has low impact on confidentiality of the application; integrity and availability are not impacted.

PUBLISHED Reserved 2025-04-16 | Published 2025-10-14 | Updated 2025-10-14 | Assigner sap




LOW: 3.0 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

Problem types

CWE-1004: Sensitive Cookie Without HttpOnly Flag

Product status

Default status
unaffected

TITANIUM_WEBAPP 4.0
affected

References

me.sap.com/notes/3643871

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42909)

nvd.nist.gov (CVE-2025-42909)