Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for SAP Business Warehouse (Process Chains) by SAP_SE

    CVE-2025-25244 (GCVE-0-2025-25244)

    Vulnerability from nvd – Published: 2025-03-11 00:34 – Updated: 2025-03-11 02:12
    VLAI
    Title
    Missing Authorization Check in SAP Business Warehouse (Process Chains)
    Summary
    SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object could set one or all processes to be skipped. This means corresponding activities, such as data loading, activation, or deletion, will not be executed as initially modeled. This could lead to unexpected results in business reporting leading to a significant impact on integrity. However, there is no impact on confidentiality or availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Business Warehouse (Process Chains) Affected: DW4CORE 100
    Affected: 200
    Affected: 300
    Affected: 400
    Affected: 914
    Affected: SAP_BW 730
    Affected: 731
    Affected: 740
    Affected: 750
    Affected: 751
    Affected: 752
    Affected: 753
    Affected: 754
    Affected: 755
    Affected: 756
    Affected: 757
    Affected: 758
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25244",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T02:11:49.931451Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-11T02:12:02.750Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Business Warehouse (Process Chains)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "DW4CORE 100"
                },
                {
                  "status": "affected",
                  "version": "200"
                },
                {
                  "status": "affected",
                  "version": "300"
                },
                {
                  "status": "affected",
                  "version": "400"
                },
                {
                  "status": "affected",
                  "version": "914"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 730"
                },
                {
                  "status": "affected",
                  "version": "731"
                },
                {
                  "status": "affected",
                  "version": "740"
                },
                {
                  "status": "affected",
                  "version": "750"
                },
                {
                  "status": "affected",
                  "version": "751"
                },
                {
                  "status": "affected",
                  "version": "752"
                },
                {
                  "status": "affected",
                  "version": "753"
                },
                {
                  "status": "affected",
                  "version": "754"
                },
                {
                  "status": "affected",
                  "version": "755"
                },
                {
                  "status": "affected",
                  "version": "756"
                },
                {
                  "status": "affected",
                  "version": "757"
                },
                {
                  "status": "affected",
                  "version": "758"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object could set one or all processes to be skipped. This means corresponding activities, such as data loading, activation, or deletion, will not be executed as initially modeled. This could lead to unexpected results in business reporting leading to a significant impact on integrity. However, there is no impact on confidentiality or availability.\u003c/p\u003e"
                }
              ],
              "value": "SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object could set one or all processes to be skipped. This means corresponding activities, such as data loading, activation, or deletion, will not be executed as initially modeled. This could lead to unexpected results in business reporting leading to a significant impact on integrity. However, there is no impact on confidentiality or availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-11T00:34:42.757Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3552144"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization Check in SAP Business Warehouse (Process Chains)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2025-25244",
        "datePublished": "2025-03-11T00:34:42.757Z",
        "dateReserved": "2025-02-04T23:28:33.502Z",
        "dateUpdated": "2025-03-11T02:12:02.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-25244 (GCVE-0-2025-25244)

    Vulnerability from cvelistv5 – Published: 2025-03-11 00:34 – Updated: 2025-03-11 02:12
    VLAI
    Title
    Missing Authorization Check in SAP Business Warehouse (Process Chains)
    Summary
    SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object could set one or all processes to be skipped. This means corresponding activities, such as data loading, activation, or deletion, will not be executed as initially modeled. This could lead to unexpected results in business reporting leading to a significant impact on integrity. However, there is no impact on confidentiality or availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Business Warehouse (Process Chains) Affected: DW4CORE 100
    Affected: 200
    Affected: 300
    Affected: 400
    Affected: 914
    Affected: SAP_BW 730
    Affected: 731
    Affected: 740
    Affected: 750
    Affected: 751
    Affected: 752
    Affected: 753
    Affected: 754
    Affected: 755
    Affected: 756
    Affected: 757
    Affected: 758
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25244",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T02:11:49.931451Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-11T02:12:02.750Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Business Warehouse (Process Chains)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "DW4CORE 100"
                },
                {
                  "status": "affected",
                  "version": "200"
                },
                {
                  "status": "affected",
                  "version": "300"
                },
                {
                  "status": "affected",
                  "version": "400"
                },
                {
                  "status": "affected",
                  "version": "914"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 730"
                },
                {
                  "status": "affected",
                  "version": "731"
                },
                {
                  "status": "affected",
                  "version": "740"
                },
                {
                  "status": "affected",
                  "version": "750"
                },
                {
                  "status": "affected",
                  "version": "751"
                },
                {
                  "status": "affected",
                  "version": "752"
                },
                {
                  "status": "affected",
                  "version": "753"
                },
                {
                  "status": "affected",
                  "version": "754"
                },
                {
                  "status": "affected",
                  "version": "755"
                },
                {
                  "status": "affected",
                  "version": "756"
                },
                {
                  "status": "affected",
                  "version": "757"
                },
                {
                  "status": "affected",
                  "version": "758"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object could set one or all processes to be skipped. This means corresponding activities, such as data loading, activation, or deletion, will not be executed as initially modeled. This could lead to unexpected results in business reporting leading to a significant impact on integrity. However, there is no impact on confidentiality or availability.\u003c/p\u003e"
                }
              ],
              "value": "SAP Business Warehouse (Process Chains) allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object could set one or all processes to be skipped. This means corresponding activities, such as data loading, activation, or deletion, will not be executed as initially modeled. This could lead to unexpected results in business reporting leading to a significant impact on integrity. However, there is no impact on confidentiality or availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-11T00:34:42.757Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3552144"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization Check in SAP Business Warehouse (Process Chains)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2025-25244",
        "datePublished": "2025-03-11T00:34:42.757Z",
        "dateReserved": "2025-02-04T23:28:33.502Z",
        "dateUpdated": "2025-03-11T02:12:02.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }