
Multiple SAP Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-42993 CVSS:6.7

SAP S/4HANA (Enterprise Event Enablement) could allow a remote authenticated attacker to execute arbitrary code on the system, caused by missing authorization validation.

CVE-2025-42991 CVSS:4.3

SAP S/4HANA (Bank Account Application) could allow a remote authenticated attacker to delete an attachment from the bank account application of another user, caused by missing authorization validation.

CVE-2025-42989 CVSS:9.8

SAP NetWeaver Application Server for ABAP could allow a remote authenticated attacker to gain elevated privileges on the system, caused by missing authorization validation.

CVE-2025-42988 CVSS:3.7

SAP Business Objects Business Intelligence Platform is vulnerable to server-side request forgery, caused by improper validation of HTTP requests.

CVE-2025-42987 CVSS:4.3

SAP S/4HANA (Manage Processing Rules - For Bank Statement) could allow a remote authenticated attacker to edit shared rules of any user, caused by missing authorization validation.

CVE-2025-42984 CVSS:5.4

SAP S/4HANA (Manage Central Purchase Contract application) could allow a remote authenticated attacker to execute the function import on the entity, making it inaccessible to an unrestricted user, caused by missing authorization validation.

Impact

  • Code Execution
  • Security Bypass
  • Privilege Escalation
  • Gain Access

Indicators of Compromise

CVE

  • CVE-2025-42993
  • CVE-2025-42991
  • CVE-2025-42989
  • CVE-2025-42988
  • CVE-2025-42987
  • CVE-2025-42984

Affected Vendors

SAP

Affected Products

  • SAP Business Objects Business Intelligence Platform ENTERPRISE 430
  • SAP S/4HANA (Bank Account Application) S4CORE 108
  • SAP S/4HANA (Enterprise Event Enablement) SAP_GWFND 757
  • SAP S/4HANA (Enterprise Event Enablement) SAP_GWFND 758
  • SAP NetWeaver Application Server for ABAP KERNEL 7.89
  • SAP NetWeaver Application Server for ABAP 7.93
  • SAP NetWeaver Application Server for ABAP 9.14
  • SAP NetWeaver Application Server for ABAP 9.15
  • SAP Business Objects Business Intelligence Platform 2025
  • SAP Business Objects Business Intelligence Platform 2027
  • SAP S/4HANA (Manage Processing Rules - For Bank Statement) S4CORE 104
  • SAP S/4HANA (Manage Processing Rules - For Bank Statement) S4CORE 105
  • SAP S/4HANA (Manage Processing Rules - For Bank Statement) S4CORE 106
  • SAP S/4HANA (Manage Processing Rules - For Bank Statement) S4CORE 107
  • SAP S/4HANA (Manage Processing Rules - For Bank Statement) S4CORE 108
  • SAP S/4HANA (Manage Central Purchase Contract application) S4CORE 106
  • SAP S/4HANA (Manage Central Purchase Contract application) S4CORE 107
  • SAP S/4HANA (Manage Central Purchase Contract application) S4CORE 108

Remediation

Refer to the SAP Security Advisory for patch, upgrade, or suggested workaround information. (Login Required)

CVE-2025-42993 

CVE-2025-42991

CVE-2025-42989

CVE-2025-42988

CVE-2025-42987

CVE-2025-42984