Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for SAP BusinessObjects Content Administrator workbench by SAP_SE

    CVE-2025-42985 (GCVE-0-2025-42985)

    Vulnerability from nvd – Published: 2025-07-08 00:38 – Updated: 2025-07-08 18:13
    VLAI
    Title
    Open Redirect vulnerability in SAP BusinessObjects Content Administrator workbench
    Summary
    Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim�s browser. This could potentially lead to the exposure or modification of web client data, resulting in low impact on confidentiality and integrity, with no impact on application availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP BusinessObjects Content Administrator workbench Affected: DW4CORE 100
    Affected: 200
    Affected: 300
    Affected: 400
    Affected: SAP_BW 700
    Affected: 701
    Affected: 702
    Affected: 731
    Affected: 740
    Affected: 750
    Affected: 751
    Affected: 752
    Affected: 753
    Affected: 754
    Affected: 755
    Affected: 756
    Affected: 757
    Affected: 758
    Affected: 816
    Affected: SAP_BW_VIRTUAL_COMP 701
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-42985",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T18:11:29.733687Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T18:13:45.154Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP BusinessObjects Content Administrator workbench",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "DW4CORE 100"
                },
                {
                  "status": "affected",
                  "version": "200"
                },
                {
                  "status": "affected",
                  "version": "300"
                },
                {
                  "status": "affected",
                  "version": "400"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 700"
                },
                {
                  "status": "affected",
                  "version": "701"
                },
                {
                  "status": "affected",
                  "version": "702"
                },
                {
                  "status": "affected",
                  "version": "731"
                },
                {
                  "status": "affected",
                  "version": "740"
                },
                {
                  "status": "affected",
                  "version": "750"
                },
                {
                  "status": "affected",
                  "version": "751"
                },
                {
                  "status": "affected",
                  "version": "752"
                },
                {
                  "status": "affected",
                  "version": "753"
                },
                {
                  "status": "affected",
                  "version": "754"
                },
                {
                  "status": "affected",
                  "version": "755"
                },
                {
                  "status": "affected",
                  "version": "756"
                },
                {
                  "status": "affected",
                  "version": "757"
                },
                {
                  "status": "affected",
                  "version": "758"
                },
                {
                  "status": "affected",
                  "version": "816"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW_VIRTUAL_COMP 701"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim\ufffds browser. This could potentially lead to the exposure or modification of web client data, resulting in low impact on confidentiality and integrity, with no impact on application availability.\u003c/p\u003e"
                }
              ],
              "value": "Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim\ufffds browser. This could potentially lead to the exposure or modification of web client data, resulting in low impact on confidentiality and integrity, with no impact on application availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601: URL Redirection to Untrusted Site",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T00:38:25.458Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3617380"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open Redirect vulnerability in SAP BusinessObjects Content Administrator workbench",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2025-42985",
        "datePublished": "2025-07-08T00:38:25.458Z",
        "dateReserved": "2025-04-16T13:25:48.060Z",
        "dateUpdated": "2025-07-08T18:13:45.154Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-42985 (GCVE-0-2025-42985)

    Vulnerability from cvelistv5 – Published: 2025-07-08 00:38 – Updated: 2025-07-08 18:13
    VLAI
    Title
    Open Redirect vulnerability in SAP BusinessObjects Content Administrator workbench
    Summary
    Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim�s browser. This could potentially lead to the exposure or modification of web client data, resulting in low impact on confidentiality and integrity, with no impact on application availability.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-601 - URL Redirection to Untrusted Site
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP BusinessObjects Content Administrator workbench Affected: DW4CORE 100
    Affected: 200
    Affected: 300
    Affected: 400
    Affected: SAP_BW 700
    Affected: 701
    Affected: 702
    Affected: 731
    Affected: 740
    Affected: 750
    Affected: 751
    Affected: 752
    Affected: 753
    Affected: 754
    Affected: 755
    Affected: 756
    Affected: 757
    Affected: 758
    Affected: 816
    Affected: SAP_BW_VIRTUAL_COMP 701
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-42985",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-08T18:11:29.733687Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-08T18:13:45.154Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP BusinessObjects Content Administrator workbench",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "DW4CORE 100"
                },
                {
                  "status": "affected",
                  "version": "200"
                },
                {
                  "status": "affected",
                  "version": "300"
                },
                {
                  "status": "affected",
                  "version": "400"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW 700"
                },
                {
                  "status": "affected",
                  "version": "701"
                },
                {
                  "status": "affected",
                  "version": "702"
                },
                {
                  "status": "affected",
                  "version": "731"
                },
                {
                  "status": "affected",
                  "version": "740"
                },
                {
                  "status": "affected",
                  "version": "750"
                },
                {
                  "status": "affected",
                  "version": "751"
                },
                {
                  "status": "affected",
                  "version": "752"
                },
                {
                  "status": "affected",
                  "version": "753"
                },
                {
                  "status": "affected",
                  "version": "754"
                },
                {
                  "status": "affected",
                  "version": "755"
                },
                {
                  "status": "affected",
                  "version": "756"
                },
                {
                  "status": "affected",
                  "version": "757"
                },
                {
                  "status": "affected",
                  "version": "758"
                },
                {
                  "status": "affected",
                  "version": "816"
                },
                {
                  "status": "affected",
                  "version": "SAP_BW_VIRTUAL_COMP 701"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim\ufffds browser. This could potentially lead to the exposure or modification of web client data, resulting in low impact on confidentiality and integrity, with no impact on application availability.\u003c/p\u003e"
                }
              ],
              "value": "Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim\ufffds browser. This could potentially lead to the exposure or modification of web client data, resulting in low impact on confidentiality and integrity, with no impact on application availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601: URL Redirection to Untrusted Site",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-08T00:38:25.458Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3617380"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open Redirect vulnerability in SAP BusinessObjects Content Administrator workbench",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2025-42985",
        "datePublished": "2025-07-08T00:38:25.458Z",
        "dateReserved": "2025-04-16T13:25:48.060Z",
        "dateUpdated": "2025-07-08T18:13:45.154Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }