Security Misconfiguration vulnerability in SAP Cloud Appliance Library Appliances

3 / 10

LOW

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

Description

SAP Cloud Appliance Library Appliances allows an attacker with high privileges to leverage an insecure S/4HANA default profile setting in an existing SAP CAL appliances to gain access to other appliances. This has low impact on confidentiality of the application, integrity and availability is not impacted.

Basic Information

ID CVE-2025-42909

Source sap

Published Oct 14, 2025 at 00:18

Affected Product

Vendor SAP_SE

Product SAP Cloud Appliance Library Appliances

Version TITANIUM_WEBAPP 4.0

Affected Versions SAP_SE SAP Cloud Appliance Library Appliances TITANIUM_WEBAPP 4.0

CWE Classification

CWE-1004

References

{
    "lastseen": "",
    "description": "SAP Cloud Appliance Library Appliances allows an attacker with high privileges to leverage an insecure S/4HANA default profile setting in an existing SAP CAL appliances to gain access to other appliances. This has low impact on confidentiality of the application, integrity and availability is not impacted.",
    "published": "2025-10-14T00:18:11.957Z",
    "modified": "2025-10-14T00:18:11.957Z",
    "type": "cve",
    "title": "Security Misconfiguration vulnerability in SAP Cloud Appliance Library Appliances",
    "source": "sap",
    "references": "https://me.sap.com/notes/3643871\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42909",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1004"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP Cloud Appliance Library Appliances TITANIUM_WEBAPP 4.0",
    "sourceHref": "",
    "cvss": {
        "score": 3,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP Cloud Appliance Library Appliances",
    "version": "TITANIUM_WEBAPP 4.0",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Security Misconfiguration vulnerability in SAP Cloud Appliance Library Appliances_CVE-2025-42909