CVE-2025-42998

{"id": "CVE-2025-42998", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-06-10T01:15:23.307", "references": [{"url": "https://me.sap.com/notes/3594258", "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "source": "cna@sap.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-346"}]}], "descriptions": [{"lang": "en", "value": "The security settings in the SAP Business One Integration Framework are not adequately checked, allowing attackers to bypass the 403 Forbidden error and access restricted pages. This leads to low impact on confidentiality of the application, there is no impact on integrity and availability."}, {"lang": "es", "value": "La configuraci\u00f3n de seguridad de SAP Business One Integration Framework no se verifica adecuadamente, lo que permite a los atacantes eludir el error 403 \"Prohibido\" y acceder a p\u00e1ginas restringidas. Esto reduce el impacto en la confidencialidad de la aplicaci\u00f3n y no afecta a su integridad ni disponibilidad."}], "lastModified": "2025-06-12T16:06:39.330", "sourceIdentifier": "cna@sap.com"}