VDB

GCVE-110-NCSC-2025-7

GCVE-110-NCSC-2025-7
Advisory PublishedCVSS 9.9/10
Vulnetix · Advisory published January 14, 2025
SAP heeft kwetsbaarheden verholpen in SAP, NetWeaver en ABAP.

Weaknesses (CWE)

CWE-287Improper AuthenticationCWE-732Incorrect Permission Assignment for Critical ResourceCWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')CWE-497Exposure of Sensitive System Information to an Unauthorized Control SphereCWE-427Uncontrolled Search Path ElementCWE-639Authorization Bypass Through User-Controlled KeyCWE-862Missing AuthorizationCWE-209Generation of Error Message Containing Sensitive InformationCWE-434Unrestricted Upload of File with Dangerous Type

Risk Scores

CVSS 3.1
9.9/10
Critical · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
sap_sesapsetup
sap_sesap_businessobjects_business_intelligence_platform
sap_sesap_gui_for_java
sap_sesap_business_workflow_and_sap_flexible_workflow
sap_sesap_netweaver_application_server_java
sap_sesap_netweaver_as_abap_and_abap_platform
sap_sesap_gui_for_windows
sap_sesap_netweaver_application_server_for_abap_and_abap_platform
sap_sesap_netweaver_as_for_abap_and_abap_platform__internet_communication_framework_
sap_sesap_netweaver_application_server_abap__applications_based_on_sap_gui_for_html_
sap_sesap_netweaver_application_server_abap
sapsap
sap_sesap_netweaver_as_java__user_admin_application_

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,040 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›