June 11, 2025
Severity
Medium
Analysis Summary
CVE-2025-42993 CVSS:6.7
SAP S/4HANA (Enterprise Event Enablement) could allow a remote authenticated attacker to execute arbitrary code on the system, caused by missing authorization validation.
CVE-2025-42991 CVSS:4.3
SAP S/4HANA (Bank Account Application) could allow a remote authenticated attacker to delete an attachment from the bank account application of another user, caused by missing authorization validation.
CVE-2025-42989 CVSS:9.8
SAP NetWeaver Application Server for ABAP could allow a remote authenticated attacker to gain elevated privileges on the system, caused by missing authorization validation.
CVE-2025-42988 CVSS:3.7
SAP Business Objects Business Intelligence Platform is vulnerable to server-side request forgery, caused by improper validation of HTTP requests.
CVE-2025-42987 CVSS:4.3
SAP S/4HANA (Manage Processing Rules - For Bank Statement) could allow a remote authenticated attacker to edit shared rules of any user, caused by missing authorization validation.
CVE-2025-42984 CVSS:5.4
SAP S/4HANA (Manage Central Purchase Contract application) could allow a remote authenticated attacker to execute the function import on the entity, making it inaccessible for unrestricted users, caused by missing authorization validation.
Impact
- Code Execution
- Security Bypass
- Privilege Escalation
- Gain Access
Indicators of Compromise
CVE
- CVE-2025-42993
- CVE-2025-42991
- CVE-2025-42989
- CVE-2025-42988
- CVE-2025-42987
- CVE-2025-42984
Affected Vendors
- SAP
Affected Products
- SAP Business Objects Business Intelligence Platform ENTERPRISE 430
- SAP S/4HANA (Bank Account Application) S4CORE 108
- SAP S/4HANA (Enterprise Event Enablement) SAP_GWFND 757
- SAP S/4HANA (Enterprise Event Enablement) SAP_GWFND 758
- SAP NetWeaver Application Server for ABAP KERNEL 7.89
- SAP NetWeaver Application Server for ABAP 7.93
- SAP NetWeaver Application Server for ABAP 9.14
- SAP NetWeaver Application Server for ABAP 9.15
- SAP Business Objects Business Intelligence Platform 2025
- SAP Business Objects Business Intelligence Platform 2027
- SAP S/4HANA (Manage Processing Rules - For Bank Statement) S4CORE 104
- SAP S/4HANA (Manage Processing Rules - For Bank Statement) S4CORE 105
- SAP S/4HANA (Manage Processing Rules - For Bank Statement) S4CORE 106
- SAP S/4HANA (Manage Processing Rules - For Bank Statement) S4CORE 107
- SAP S/4HANA (Manage Processing Rules - For Bank Statement) S4CORE 108
- SAP S/4HANA (Manage Central Purchase Contract application) S4CORE 106
- SAP S/4HANA (Manage Central Purchase Contract application) S4CORE 107
- SAP S/4HANA (Manage Central Purchase Contract application) S4CORE 108
Remediation
Refer to the SAP Security Advisory for patch, upgrade, or suggested workaround information. (Login Required)