Home

Description

Due to a missing authorization check in SAP Cloud Connector, an attacker on an adjacent network with low privileges could send a crafted request to the endpoint responsible for testing LDAP connections. A successful exploit could lead to reduced performance, hence a low-impact on availability of the service. Confidentiality and integrity of the data are not affected.

PUBLISHED Reserved 2025-04-16 | Published 2025-08-12 | Updated 2025-08-13 | Assigner sap




LOW: 3.5CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Problem types

CWE-862: Missing Authorization

Product status

Default status
unaffected

SAP_CLOUD_CONNECTOR 2.0
affected

References

me.sap.com/notes/3611345

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42955)

nvd.nist.gov (CVE-2025-42955)

Download JSON