Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and...

4.1 / 10

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Description

The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and local access to log files to read sensitive information, resulting in information disclosure. This leads to high impact on the confidentiality of the application, with no impact on integrity or availability.

Basic Information

ID CVE-2025-42935

Source sap

Published Aug 12, 2025 at 02:05

Affected Product

Vendor SAP_SE

Product SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager)

Version KRNL64NUC 7.22

Affected Versions SAP_SE SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) KRNL64NUC 7.22
SAP_SE SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 7.22EXT
SAP_SE SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) KRNL64UC 7.22
SAP_SE SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 7.53
SAP_SE SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) KERNEL 7.22
SAP_SE SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 7.54
SAP_SE SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 7.77
SAP_SE SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 7.89
SAP_SE SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 7.93
SAP_SE SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 9.14
SAP_SE SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 9.15
SAP_SE SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 9.16

CWE Classification

CWE-532

AI Assessment

AI Score 4.1 / 10

AI Severity MEDIUM

Vendor SAP

Product SAP NetWeaver AS for ABAP and ABAP Platform Internet Communication Manager

Version 7.22,7.22EXT,7.53,7.54,7.77,7.89,7.93,9.14,9.15,9.16

References

{
    "lastseen": "",
    "description": "The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and local access to log files to read sensitive information, resulting in information disclosure. This leads to high impact on the confidentiality of the application, with no impact on integrity or availability.",
    "published": "2025-08-12T02:05:09.983Z",
    "modified": "2025-08-12T02:05:09.983Z",
    "type": "cve",
    "title": "Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager)",
    "source": "sap",
    "references": "https://me.sap.com/notes/3601480\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42935",
    "bulletinFamily": "",
    "cwe": [
        "CWE-532"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) KRNL64NUC 7.22\nSAP_SE SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 7.22EXT\nSAP_SE SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) KRNL64UC 7.22\nSAP_SE SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 7.53\nSAP_SE SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) KERNEL 7.22\nSAP_SE SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 7.54\nSAP_SE SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 7.77\nSAP_SE SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 7.89\nSAP_SE SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 7.93\nSAP_SE SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 9.14\nSAP_SE SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 9.15\nSAP_SE SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager) 9.16",
    "sourceHref": "",
    "cvss": {
        "score": 4.1,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager)",
    "version": "KRNL64NUC 7.22",
    "vendor": "SAP_SE",
    "ai_description": "The SAP NetWeaver Application Server ABAP and ABAP Platform Internet Communication Manager (ICM) permits authorized users with admin privileges and local access to log files to read sensitive information, resulting in information disclosure. This leads to high impact on the confidentiality of the application, with no impact on integrity or availability.",
    "ai_severity": "MEDIUM",
    "ai_vendor": "SAP",
    "ai_product": "SAP NetWeaver AS for ABAP and ABAP Platform Internet Communication Manager",
    "ai_version": "7.22,7.22EXT,7.53,7.54,7.77,7.89,7.93,9.14,9.15,9.16",
    "ai_score": 4.1
}

Information Disclosure vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform(Internet Communication Manager)_CVE-2025-42935