VDB
GCVE-110-NCSC-2025-7
GCVE-110-NCSC-2025-7
Advisory PublishedCVSS 9.9/10
SAP heeft kwetsbaarheden verholpen in SAP, NetWeaver en ABAP.
Weaknesses (CWE)
CWE-287Improper AuthenticationCWE-732Incorrect Permission Assignment for Critical ResourceCWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')CWE-497Exposure of Sensitive System Information to an Unauthorized Control SphereCWE-427Uncontrolled Search Path ElementCWE-639Authorization Bypass Through User-Controlled KeyCWE-862Missing AuthorizationCWE-209Generation of Error Message Containing Sensitive InformationCWE-434Unrestricted Upload of File with Dangerous Type
Risk Scores
CVSS 3.1
9.9/10
Critical · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| sap_se | sapsetup | — | — |
| sap_se | sap_businessobjects_business_intelligence_platform | — | — |
| sap_se | sap_gui_for_java | — | — |
| sap_se | sap_business_workflow_and_sap_flexible_workflow | — | — |
| sap_se | sap_netweaver_application_server_java | — | — |
| sap_se | sap_netweaver_as_abap_and_abap_platform | — | — |
| sap_se | sap_gui_for_windows | — | — |
| sap_se | sap_netweaver_application_server_for_abap_and_abap_platform | — | — |
| sap_se | sap_netweaver_as_for_abap_and_abap_platform__internet_communication_framework_ | — | — |
| sap_se | sap_netweaver_application_server_abap__applications_based_on_sap_gui_for_html_ | — | — |
| sap_se | sap_netweaver_application_server_abap | — | — |
| sap | sap | — | — |
| sap_se | sap_netweaver_as_java__user_admin_application_ | — | — |
Browse GCVE Records
73,040 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.