VDB
CISA-2025-43004
CISA-2025-43004
PUBLISHED
CVSS 5.3 MEDIUM
Reported by sap · Published May 13, 2025
Due to a security misconfiguration vulnerability, customers can develop Production Operator Dashboards (PODs) that enable outside users to access customer data when they access these dashboards. Since no mechanisms exist to enforce authentication, malicious unauthenticated users can view non-sensitive customer information. However, this does not affect data integrity or availability.
Risk Scores
CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP_SE | SAP Digital Manufacturing (Production Operator Dashboard) | CTNR-DME-PODFOUNDATION-MS 1.0 |
| SAP_SE | SAP Digital Manufacturing (Production Operator Dashboard) | CTNR-DME-PODFOUNDATION-MS 1.0, CTNR-DME-PODFOUNDATION-MS 1.0 |
Timeline
- May 13, 2025 CVE Published
- May 13, 2025 CVE Updated