CVE-2025-42998 | THREATINT

Description

The security settings in the SAP Business One Integration Framework are not adequately checked, allowing attackers to bypass the 403 Forbidden error and access restricted pages. This leads to low impact on confidentiality of the application, there is no impact on integrity and availability.

PUBLISHED Reserved 2025-04-16 | Published 2025-06-10 | Updated 2025-06-10 | Assigner sap

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-346: Origin Validation Error

Product status

Default status

unaffected

B1_ON_HANA 10.0

affected

SAP-M-BO 10.0

affected

References

me.sap.com/notes/3594258

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42998)

nvd.nist.gov (CVE-2025-42998)

Download JSON