Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (BIC Document)

8.1 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Description

SAP NetWeaver Application Server ABAP (BIC Document) allows an authenticated attacker to craft a request that, when submitted to a BIC Document application, could cause a memory corruption error. On successful exploitation, this results in the crash of the target component. Multiple submissions can make the target completely unavailable. A similarly crafted submission can be used to perform an out-of-bounds read operation as well, revealing sensitive information that is loaded in memory at that time. There is no ability to modify any information.

AI Analysis

SAP NetWeaver Application Server ABAP (BIC Document) is vulnerable to memory corruption and out-of-bounds read attacks, leading to crashes and information disclosure.

Basic Information

ID CVE-2025-42976

Source sap

Published Aug 12, 2025 at 02:10

Affected Product

Vendor SAP_SE

Product SAP NetWeaver Application Server ABAP (BIC Document)

Version S4COREOP 104

Affected Versions SAP_SE SAP NetWeaver Application Server ABAP (BIC Document) S4COREOP 104
SAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 105
SAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 106
SAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 107
SAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 108
SAP_SE SAP NetWeaver Application Server ABAP (BIC Document) SEM-BW 600
SAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 602
SAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 603
SAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 604
SAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 605
SAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 634
SAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 736
SAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 746
SAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 747
SAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 748

CWE Classification

CWE-125

AI Assessment

AI Score 8.1 / 10

AI Severity HIGH

Vendor SAP

Product NetWeaver Application Server ABAP (BIC Document)

Version S4COREOP 104, 105, 106, 107, 108, SEM-BW 600, 602, 603, 604, 605, 634, 736, 746, 747, 748

References

{
    "lastseen": "",
    "description": "SAP NetWeaver Application Server ABAP (BIC Document) allows an authenticated attacker to craft a request that, when submitted to a BIC Document application, could cause a memory corruption error. On successful exploitation, this results in the crash of the target component. Multiple submissions can make the target completely unavailable. A similarly crafted submission can be used to perform an out-of-bounds read operation as well, revealing sensitive information that is loaded in memory at that time. There is no ability to modify any information.",
    "published": "2025-08-12T02:10:06.835Z",
    "modified": "2025-08-12T02:10:06.835Z",
    "type": "cve",
    "title": "Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (BIC Document)",
    "source": "sap",
    "references": "https://me.sap.com/notes/3611184\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42976",
    "bulletinFamily": "",
    "cwe": [
        "CWE-125"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP NetWeaver Application Server ABAP (BIC Document) S4COREOP 104\nSAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 105\nSAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 106\nSAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 107\nSAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 108\nSAP_SE SAP NetWeaver Application Server ABAP (BIC Document) SEM-BW 600\nSAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 602\nSAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 603\nSAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 604\nSAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 605\nSAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 634\nSAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 736\nSAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 746\nSAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 747\nSAP_SE SAP NetWeaver Application Server ABAP (BIC Document) 748",
    "sourceHref": "",
    "cvss": {
        "score": 8.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP NetWeaver Application Server ABAP (BIC Document)",
    "version": "S4COREOP 104",
    "vendor": "SAP_SE",
    "ai_description": "SAP NetWeaver Application Server ABAP (BIC Document) is vulnerable to memory corruption and out-of-bounds read attacks, leading to crashes and information disclosure.",
    "ai_severity": "HIGH",
    "ai_vendor": "SAP",
    "ai_product": "NetWeaver Application Server ABAP (BIC Document)",
    "ai_version": "S4COREOP 104, 105, 106, 107, 108, SEM-BW 600, 602, 603, 604, 605, 634, 736, 746, 747, 748",
    "ai_score": 8.1
}

Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (BIC Document)_CVE-2025-42976