CVE-2025-42933 | THREATINT

Description

When a user logs in via SAP Business One native client, the SLD backend service fails to enforce proper encryption of certain APIs. This leads to exposure of sensitive credentials within http response body. As a result, it has a high impact on the confidentiality, integrity, and availability of the application.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-09 | Updated 2026-02-26 | Assigner sap

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-522: Insufficiently Protected Credentials

Product status

Default status

unaffected

B1_ON_HANA 10.0

affected

SAP-M-BO 10.0

affected

References

me.sap.com/notes/3642961

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42933)

nvd.nist.gov (CVE-2025-42933)

Download JSON