VDB

CISA-2025-43004

CISA-2025-43004 PUBLISHED CVSS 5.3 MEDIUM

Reported by sap · Published May 13, 2025

Due to a security misconfiguration vulnerability, customers can develop Production Operator Dashboards (PODs) that enable outside users to access customer data when they access these dashboards. Since no mechanisms exist to enforce authentication, malicious unauthenticated users can view non-sensitive customer information. However, this does not affect data integrity or availability.

Risk Scores

CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

VendorProductVersions
SAP_SESAP Digital Manufacturing (Production Operator Dashboard)CTNR-DME-PODFOUNDATION-MS 1.0
SAP_SESAP Digital Manufacturing (Production Operator Dashboard)CTNR-DME-PODFOUNDATION-MS 1.0, CTNR-DME-PODFOUNDATION-MS 1.0

Timeline

  • May 13, 2025 CVE Published
  • May 13, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›