Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for SAP CRM and SAP S/4HANA (Interaction Center) by SAP_SE

    CVE-2025-27430 (GCVE-0-2025-27430)

    Vulnerability from nvd – Published: 2025-03-11 00:37 – Updated: 2025-03-11 02:06
    VLAI
    Title
    Server Side Request Forgery (SSRF) in SAP CRM and SAP S/4 HANA (Interaction Center)
    Summary
    Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application's confidentiality. There is no impact on integrity or availability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP CRM and SAP S/4HANA (Interaction Center) Affected: S4CRM 100
    Affected: 200
    Affected: 204
    Affected: 205
    Affected: 206
    Affected: S4FND 102
    Affected: 103
    Affected: 104
    Affected: 105
    Affected: 106
    Affected: 107
    Affected: 108
    Affected: S4CEXT 107
    Affected: BBPCRM 701
    Affected: 702
    Affected: 712
    Affected: 713
    Affected: 714
    Affected: WEBCUIF 701
    Affected: 731
    Affected: 746
    Affected: 747
    Affected: 748
    Affected: 800
    Affected: 801
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27430",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T02:06:37.325274Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-11T02:06:54.297Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP CRM and SAP S/4HANA (Interaction Center)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4CRM 100"
                },
                {
                  "status": "affected",
                  "version": "200"
                },
                {
                  "status": "affected",
                  "version": "204"
                },
                {
                  "status": "affected",
                  "version": "205"
                },
                {
                  "status": "affected",
                  "version": "206"
                },
                {
                  "status": "affected",
                  "version": "S4FND 102"
                },
                {
                  "status": "affected",
                  "version": "103"
                },
                {
                  "status": "affected",
                  "version": "104"
                },
                {
                  "status": "affected",
                  "version": "105"
                },
                {
                  "status": "affected",
                  "version": "106"
                },
                {
                  "status": "affected",
                  "version": "107"
                },
                {
                  "status": "affected",
                  "version": "108"
                },
                {
                  "status": "affected",
                  "version": "S4CEXT 107"
                },
                {
                  "status": "affected",
                  "version": "BBPCRM 701"
                },
                {
                  "status": "affected",
                  "version": "702"
                },
                {
                  "status": "affected",
                  "version": "712"
                },
                {
                  "status": "affected",
                  "version": "713"
                },
                {
                  "status": "affected",
                  "version": "714"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 701"
                },
                {
                  "status": "affected",
                  "version": "731"
                },
                {
                  "status": "affected",
                  "version": "746"
                },
                {
                  "status": "affected",
                  "version": "747"
                },
                {
                  "status": "affected",
                  "version": "748"
                },
                {
                  "status": "affected",
                  "version": "800"
                },
                {
                  "status": "affected",
                  "version": "801"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUnder certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application\u0027s confidentiality. There is no impact on integrity or availability\u003c/p\u003e"
                }
              ],
              "value": "Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application\u0027s confidentiality. There is no impact on integrity or availability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-11T00:37:24.590Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3561861"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Server Side Request Forgery (SSRF) in SAP CRM and SAP S/4 HANA (Interaction Center)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2025-27430",
        "datePublished": "2025-03-11T00:37:24.590Z",
        "dateReserved": "2025-02-25T09:29:51.244Z",
        "dateUpdated": "2025-03-11T02:06:54.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-27430 (GCVE-0-2025-27430)

    Vulnerability from cvelistv5 – Published: 2025-03-11 00:37 – Updated: 2025-03-11 02:06
    VLAI
    Title
    Server Side Request Forgery (SSRF) in SAP CRM and SAP S/4 HANA (Interaction Center)
    Summary
    Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application's confidentiality. There is no impact on integrity or availability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-918 - Server-Side Request Forgery (SSRF)
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP CRM and SAP S/4HANA (Interaction Center) Affected: S4CRM 100
    Affected: 200
    Affected: 204
    Affected: 205
    Affected: 206
    Affected: S4FND 102
    Affected: 103
    Affected: 104
    Affected: 105
    Affected: 106
    Affected: 107
    Affected: 108
    Affected: S4CEXT 107
    Affected: BBPCRM 701
    Affected: 702
    Affected: 712
    Affected: 713
    Affected: 714
    Affected: WEBCUIF 701
    Affected: 731
    Affected: 746
    Affected: 747
    Affected: 748
    Affected: 800
    Affected: 801
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-27430",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-11T02:06:37.325274Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-11T02:06:54.297Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP CRM and SAP S/4HANA (Interaction Center)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4CRM 100"
                },
                {
                  "status": "affected",
                  "version": "200"
                },
                {
                  "status": "affected",
                  "version": "204"
                },
                {
                  "status": "affected",
                  "version": "205"
                },
                {
                  "status": "affected",
                  "version": "206"
                },
                {
                  "status": "affected",
                  "version": "S4FND 102"
                },
                {
                  "status": "affected",
                  "version": "103"
                },
                {
                  "status": "affected",
                  "version": "104"
                },
                {
                  "status": "affected",
                  "version": "105"
                },
                {
                  "status": "affected",
                  "version": "106"
                },
                {
                  "status": "affected",
                  "version": "107"
                },
                {
                  "status": "affected",
                  "version": "108"
                },
                {
                  "status": "affected",
                  "version": "S4CEXT 107"
                },
                {
                  "status": "affected",
                  "version": "BBPCRM 701"
                },
                {
                  "status": "affected",
                  "version": "702"
                },
                {
                  "status": "affected",
                  "version": "712"
                },
                {
                  "status": "affected",
                  "version": "713"
                },
                {
                  "status": "affected",
                  "version": "714"
                },
                {
                  "status": "affected",
                  "version": "WEBCUIF 701"
                },
                {
                  "status": "affected",
                  "version": "731"
                },
                {
                  "status": "affected",
                  "version": "746"
                },
                {
                  "status": "affected",
                  "version": "747"
                },
                {
                  "status": "affected",
                  "version": "748"
                },
                {
                  "status": "affected",
                  "version": "800"
                },
                {
                  "status": "affected",
                  "version": "801"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eUnder certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application\u0027s confidentiality. There is no impact on integrity or availability\u003c/p\u003e"
                }
              ],
              "value": "Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application\u0027s confidentiality. There is no impact on integrity or availability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-918",
                  "description": "CWE-918: Server-Side Request Forgery (SSRF)",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-11T00:37:24.590Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3561861"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Server Side Request Forgery (SSRF) in SAP CRM and SAP S/4 HANA (Interaction Center)",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2025-27430",
        "datePublished": "2025-03-11T00:37:24.590Z",
        "dateReserved": "2025-02-25T09:29:51.244Z",
        "dateUpdated": "2025-03-11T02:06:54.297Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }