Missing Authorization check in SAP Enterprise Search for ABAP

5.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

Description

Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on application's availability.

Basic Information

ID CVE-2025-42891

Source sap

Published Dec 9, 2025 at 02:15

Affected Product

Vendor SAP_SE

Product SAP Enterprise Search for ABAP

Version SAP_BASIS 752

Affected Versions SAP_SE SAP Enterprise Search for ABAP SAP_BASIS 752
SAP_SE SAP Enterprise Search for ABAP SAP_BASIS 753
SAP_SE SAP Enterprise Search for ABAP SAP_BASIS 754
SAP_SE SAP Enterprise Search for ABAP SAP_BASIS 755
SAP_SE SAP Enterprise Search for ABAP SAP_BASIS 756
SAP_SE SAP Enterprise Search for ABAP SAP_BASIS 757
SAP_SE SAP Enterprise Search for ABAP SAP_BASIS 758
SAP_SE SAP Enterprise Search for ABAP SAP_BASIS 816

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on application's availability.",
    "published": "2025-12-09T02:15:18.798Z",
    "modified": "2025-12-09T02:15:18.798Z",
    "type": "cve",
    "title": "Missing Authorization check in SAP Enterprise Search for ABAP",
    "source": "sap",
    "references": "https://me.sap.com/notes/3659117\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42891",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP Enterprise Search for ABAP SAP_BASIS 752\nSAP_SE SAP Enterprise Search for ABAP SAP_BASIS 753\nSAP_SE SAP Enterprise Search for ABAP SAP_BASIS 754\nSAP_SE SAP Enterprise Search for ABAP SAP_BASIS 755\nSAP_SE SAP Enterprise Search for ABAP SAP_BASIS 756\nSAP_SE SAP Enterprise Search for ABAP SAP_BASIS 757\nSAP_SE SAP Enterprise Search for ABAP SAP_BASIS 758\nSAP_SE SAP Enterprise Search for ABAP SAP_BASIS 816",
    "sourceHref": "",
    "cvss": {
        "score": 5.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP Enterprise Search for ABAP",
    "version": "SAP_BASIS 752",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Missing Authorization check in SAP Enterprise Search for ABAP_CVE-2025-42891