Code Injection vulnerability in SAP FICA ODN framework_CVE-2025-42947

5.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L

Description

SAP FICA ODN framework allows a high privileged user to inject value inside the local variable which can then be executed by the application. An attacker could thereby control the behaviour of the application causing high impact on integrity, low impact on availability and no impact on confidentiality of the application.

Basic Information

ID CVE-2025-42947

Source sap

Published Jul 23, 2025 at 03:25

Modified Jul 23, 2025 at 15:20

Affected Product

Vendor SAP_SE

Product SAP FICA ODN framework

Version SAPSCORE 132

Affected Versions SAP_SE SAP FICA ODN framework SAPSCORE 132
SAP_SE SAP FICA ODN framework S4CORE 102
SAP_SE SAP FICA ODN framework 103
SAP_SE SAP FICA ODN framework 104
SAP_SE SAP FICA ODN framework 105
SAP_SE SAP FICA ODN framework 106
SAP_SE SAP FICA ODN framework 107
SAP_SE SAP FICA ODN framework 108
SAP_SE SAP FICA ODN framework FI-CA 606
SAP_SE SAP FICA ODN framework 616
SAP_SE SAP FICA ODN framework 617
SAP_SE SAP FICA ODN framework 618

CWE Classification

CWE-94

References

{
    "lastseen": "",
    "description": "SAP FICA ODN framework allows a high privileged user to inject value inside the local variable which can then be executed by the application. An attacker could thereby control the behaviour of the application causing high impact on integrity, low impact on availability and no impact on confidentiality of the application.",
    "published": "2025-07-23T03:25:10.245Z",
    "modified": "2025-07-23T15:20:22.443Z",
    "type": "cve",
    "title": "Code Injection vulnerability in SAP FICA ODN framework",
    "source": "sap",
    "references": "https://me.sap.com/notes/3540688\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42947",
    "bulletinFamily": "",
    "cwe": [
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP FICA ODN framework SAPSCORE 132\nSAP_SE SAP FICA ODN framework S4CORE 102\nSAP_SE SAP FICA ODN framework 103\nSAP_SE SAP FICA ODN framework 104\nSAP_SE SAP FICA ODN framework 105\nSAP_SE SAP FICA ODN framework 106\nSAP_SE SAP FICA ODN framework 107\nSAP_SE SAP FICA ODN framework 108\nSAP_SE SAP FICA ODN framework FI-CA 606\nSAP_SE SAP FICA ODN framework 616\nSAP_SE SAP FICA ODN framework 617\nSAP_SE SAP FICA ODN framework 618",
    "sourceHref": "",
    "cvss": {
        "score": 5.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP FICA ODN framework",
    "version": "SAPSCORE 132",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}