admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-09-17 18:45:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2025/CVE-2025-266xx/CVE-2025-26660.json
cad-safe-bot 7ab230f046 Auto-Update: 2025-03-16T03:00:19.723046+00:00
2025-03-16 03:03:50 +00:00

64 lines
2.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2025-26660",
"sourceIdentifier": "cna@sap.com",
"published": "2025-03-11T01:15:35.837",
"lastModified": "2025-03-11T01:15:35.837",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls within the application, enabling them to potentially modify data. Confidentiality and Availability are not impacted."
},
{
"lang": "es",
"value": "Las aplicaciones SAP Fiori que utilizan la librer\u00eda de publicaci\u00f3n no configuran correctamente los par\u00e1metros de seguridad durante el proceso de configuraci\u00f3n, por lo que los dejan en los valores predeterminados o definidos de forma inadecuada. Esta vulnerabilidad permite que un atacante con pocos privilegios eluda los controles de acceso dentro de la aplicaci\u00f3n, lo que le permite modificar potencialmente los datos. La confidencialidad y la disponibilidad no se ven afectadas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3557655",
"source": "cna@sap.com"
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink