mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
145 lines
5.9 KiB
JSON
145 lines
5.9 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2025-0070",
|
|
"ASSIGNER": "cna@sap.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, resulting in privilege escalation. On successful exploitation, this can result in potential security concerns. This results in a high impact on confidentiality, integrity, and availability."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-287: (Improper Authentication)",
|
|
"cweId": "CWE-287"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "SAP_SE",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "SAP NetWeaver Application Server for ABAP and ABAP Platform",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "KRNL64NUC 7.22"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "7.22EXT"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "KRNL64UC 7.22"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "7.53"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "8.04"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "KERNEL 7.22"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "7.54"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "7.77"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "7.89"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "7.93"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "7.97"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "9.12"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "9.13"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "9.14"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://me.sap.com/notes/3537476",
|
|
"refsource": "MISC",
|
|
"name": "https://me.sap.com/notes/3537476"
|
|
},
|
|
{
|
|
"url": "https://url.sap/sapsecuritypatchday",
|
|
"refsource": "MISC",
|
|
"name": "https://url.sap/sapsecuritypatchday"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.2.0"
|
|
},
|
|
"source": {
|
|
"discovery": "UNKNOWN"
|
|
},
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 9.9,
|
|
"baseSeverity": "CRITICAL",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"privilegesRequired": "LOW",
|
|
"scope": "CHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |