CVE-2025-42960 | THREATINT

Description

SAP Business Warehouse and SAP BW/4HANA BEx Tools allow an authenticated attacker to gain higher access levels than intended by exploiting improper authorization checks. This could potentially impact data integrity by allowing deletion of user table entries.�It has no impact on the confidentiality and availability of the application.

PUBLISHED Reserved 2025-04-16 | Published 2025-07-08 | Updated 2025-07-08 | Assigner sap

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Problem types

CWE-862: Missing Authorization

Product status

Default status

unaffected

DW4CORE 100

affected

200

affected

300

affected

400

affected

SAP_BW 700

affected

701

affected

702

affected

731

affected

740

affected

750

affected

751

affected

752

affected

753

affected

754

affected

755

affected

756

affected

757

affected

758

affected

816

affected

SAP_BW_VIRTUAL_COMP 701

affected

References

me.sap.com/notes/3608991

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42960)

nvd.nist.gov (CVE-2025-42960)

Download JSON