Missing input validation vulnerability in SAP Landscape Transformation Replication Server

8.1 / 10

HIGH

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

Description

Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database.

Basic Information

ID CVE-2025-42929

Source sap

Published Sep 9, 2025 at 02:10

Affected Product

Vendor SAP_SE

Product SAP Landscape Transformation Replication Server

Version DMIS 2011_1_620

Affected Versions SAP_SE SAP Landscape Transformation Replication Server DMIS 2011_1_620
SAP_SE SAP Landscape Transformation Replication Server 2011_1_640
SAP_SE SAP Landscape Transformation Replication Server 2011_1_700
SAP_SE SAP Landscape Transformation Replication Server 2011_1_710
SAP_SE SAP Landscape Transformation Replication Server 2011_1_730
SAP_SE SAP Landscape Transformation Replication Server 2011_1_731
SAP_SE SAP Landscape Transformation Replication Server 2011_1_752
SAP_SE SAP Landscape Transformation Replication Server 2020

CWE Classification

CWE-1287

References

{
    "lastseen": "",
    "description": "Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database.",
    "published": "2025-09-09T02:10:59.447Z",
    "modified": "2025-09-09T02:10:59.447Z",
    "type": "cve",
    "title": "Missing input validation vulnerability in SAP Landscape Transformation Replication Server",
    "source": "sap",
    "references": "https://me.sap.com/notes/3633002\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42929",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1287"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP Landscape Transformation Replication Server DMIS 2011_1_620\nSAP_SE SAP Landscape Transformation Replication Server 2011_1_640\nSAP_SE SAP Landscape Transformation Replication Server 2011_1_700\nSAP_SE SAP Landscape Transformation Replication Server 2011_1_710\nSAP_SE SAP Landscape Transformation Replication Server 2011_1_730\nSAP_SE SAP Landscape Transformation Replication Server 2011_1_731\nSAP_SE SAP Landscape Transformation Replication Server 2011_1_752\nSAP_SE SAP Landscape Transformation Replication Server 2020",
    "sourceHref": "",
    "cvss": {
        "score": 8.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP Landscape Transformation Replication Server",
    "version": "DMIS 2011_1_620",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Missing input validation vulnerability in SAP Landscape Transformation Replication Server_CVE-2025-42929