VDB

GCVE-110-NCSC-2025-45

GCVE-110-NCSC-2025-45
Advisory PublishedCVSS 5.3/10
Vulnetix · Advisory published February 11, 2025
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Weaknesses (CWE)

CWE-306Missing Authentication for Critical FunctionCWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')CWE-284Improper Access ControlCWE-404Improper Resource Shutdown or ReleaseCWE-287Improper AuthenticationCWE-1188Initialization of a Resource with an Insecure DefaultCWE-732Incorrect Permission Assignment for Critical ResourceCWE-862Missing AuthorizationCWE-644Improper Neutralization of HTTP Headers for Scripting SyntaxCWE-204Observable Response DiscrepancyCWE-601URL Redirection to Untrusted Site ('Open Redirect')CWE-863Incorrect AuthorizationCWE-921Storage of Sensitive Data in a Mechanism without Access ControlCWE-1021Improper Restriction of Rendered UI Layers or FramesCWE-352Cross-Site Request Forgery (CSRF)

Risk Scores

CVSS 3.1
5.3/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

VendorProductVersionsPlatforms
sapabap_platform
sapcommerce
sapnetweaver_java_application_server
sapnetweaver_as_java_for_deploy_service
sapnetweaver
sapnetweaver_application_server_java
sapsupplier_relationship_management
sapnetweaver_server_abap
sapnetweaver_as_java
sapcommerce_backoffice

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,738 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›