Missing Authentication check in SAP NetWeaver Application Server Java

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

SAP NetWeaver Application Server Java does not perform an authentication check when an attacker attempts to access internal files within the web application.Upon successfully exploitation, an unauthenticated attacker could access these files to gather additional sensitive information about the system.This vulnerability has a low impact on confidentiality and does not affect the integrity or availability of the server.

Basic Information

ID CVE-2025-42926

Source sap

Published Sep 9, 2025 at 02:10

Affected Product

Vendor SAP_SE

Product SAP NetWeaver Application Server Java

Version WD-RUNTIME 7.50

Affected Versions SAP_SE SAP NetWeaver Application Server Java WD-RUNTIME 7.50

CWE Classification

CWE-306

References

{
    "lastseen": "",
    "description": "SAP NetWeaver Application Server Java does not perform an authentication check when an attacker attempts to access internal files within the web application.Upon successfully exploitation, an unauthenticated attacker could access these files to gather additional sensitive information about the system.This vulnerability has a low impact on confidentiality and does not affect the integrity or availability of the server.",
    "published": "2025-09-09T02:10:03.616Z",
    "modified": "2025-09-09T02:10:03.616Z",
    "type": "cve",
    "title": "Missing Authentication check in SAP NetWeaver Application Server Java",
    "source": "sap",
    "references": "https://me.sap.com/notes/3619465\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42926",
    "bulletinFamily": "",
    "cwe": [
        "CWE-306"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP NetWeaver Application Server Java WD-RUNTIME 7.50",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP NetWeaver Application Server Java",
    "version": "WD-RUNTIME 7.50",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Missing Authentication check in SAP NetWeaver Application Server Java_CVE-2025-42926