Multiple SAP Products Vulnerabilities

April 11, 2025

Severity

Medium

Analysis Summary

CVE-2025-30017 CVSS:4.4

Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application.

CVE-2025-26657 CVSS:5.5

SAP KMC WPC allows an unauthenticated malicious user to remotely retrieve usernames by a simple parameter query which could expose sensitive information causing low impact on confidentiality of the application. This has no effect on integrity and availability.

CVE-2025-27428 CVSS:7.7

An authorized attacker can exploit a directory traversal vulnerability in SAP Solution Manager through an RFC enabled function module. This vulnerability allows the attacker to access critical information by reading files from any managed system connected to the platform. The security issue has a high impact on confidentiality, with no effect on system integrity or availability. The potential breach could expose sensitive data through unauthorized file access.

CVE-2025-27429 CVSS:9.9

SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system.

CVE-2025-27435 CVSS:4.2

An unauthenticated vulnerability exists in SAP Commerce related to the Coupon Campaign URL. An attacker could potentially access customer coupon codes through URL parameters under certain conditions. This vulnerability allows unauthorized disclosure of coupon codes, which could enable an attacker to improperly use these codes. The security issue presents a low impact risk to the application's confidentiality and integrity of customer coupon information.

CVE-2025-27437 CVSS:4.3

A Missing Authorization Check vulnerability exists in the Virus Scanner Interface of SAP NetWeaver Application Server ABAP. Because of this, an attacker authenticated as a non-administrative user can initiate a transaction, allowing them to access but not modify non-sensitive data without further authorization and with no effect on availability.

CVE-2025-26653 CVSS:4.7

A Stored Cross-Site Scripting (XSS) vulnerability exists in SAP NetWeaver Application Server ABAP due to insufficient encoding of user-controlled inputs. This security flaw allows an unprivileged attacker to inject malicious JavaScript into a website. When a victim visits the compromised page, the injected script can execute, potentially compromising the confidentiality and integrity of the user's browser session. The vulnerability does not impact system availability.

CVE-2025-26654 CVSS:6.8

SAP Commerce Cloud (Public Cloud) does not allow to disable unencrypted HTTP (port 80) entirely, but instead allows a redirect from port 80 to 443 (HTTPS). As a result, Commerce normally communicates securely over HTTPS. However, the confidentiality and integrity of data sent on the first request before the redirect may be impacted if the client is configured to use HTTP and sends confidential data on the first request before the redirect.

CVE-2025-23186 CVSS:8.5

In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated malicious user to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely compromise the remote service, potentially resulting in a significant impact on the confidentiality, integrity, and availability of the application.

Impact