Search criteria
2 vulnerabilities found for SAP CRM and SAP S/4HANA (Interaction Center) by SAP_SE
CVE-2025-27430 (GCVE-0-2025-27430)
Vulnerability from nvd – Published: 2025-03-11 00:37 – Updated: 2025-03-11 02:06
VLAI?
Title
Server Side Request Forgery (SSRF) in SAP CRM and SAP S/4 HANA (Interaction Center)
Summary
Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application's confidentiality. There is no impact on integrity or availability
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) |
Affected:
S4CRM 100
Affected: 200 Affected: 204 Affected: 205 Affected: 206 Affected: S4FND 102 Affected: 103 Affected: 104 Affected: 105 Affected: 106 Affected: 107 Affected: 108 Affected: S4CEXT 107 Affected: BBPCRM 701 Affected: 702 Affected: 712 Affected: 713 Affected: 714 Affected: WEBCUIF 701 Affected: 731 Affected: 746 Affected: 747 Affected: 748 Affected: 800 Affected: 801 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27430",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T02:06:37.325274Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T02:06:54.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP CRM and SAP S/4HANA (Interaction Center)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "S4CRM 100"
},
{
"status": "affected",
"version": "200"
},
{
"status": "affected",
"version": "204"
},
{
"status": "affected",
"version": "205"
},
{
"status": "affected",
"version": "206"
},
{
"status": "affected",
"version": "S4FND 102"
},
{
"status": "affected",
"version": "103"
},
{
"status": "affected",
"version": "104"
},
{
"status": "affected",
"version": "105"
},
{
"status": "affected",
"version": "106"
},
{
"status": "affected",
"version": "107"
},
{
"status": "affected",
"version": "108"
},
{
"status": "affected",
"version": "S4CEXT 107"
},
{
"status": "affected",
"version": "BBPCRM 701"
},
{
"status": "affected",
"version": "702"
},
{
"status": "affected",
"version": "712"
},
{
"status": "affected",
"version": "713"
},
{
"status": "affected",
"version": "714"
},
{
"status": "affected",
"version": "WEBCUIF 701"
},
{
"status": "affected",
"version": "731"
},
{
"status": "affected",
"version": "746"
},
{
"status": "affected",
"version": "747"
},
{
"status": "affected",
"version": "748"
},
{
"status": "affected",
"version": "800"
},
{
"status": "affected",
"version": "801"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnder certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application\u0027s confidentiality. There is no impact on integrity or availability\u003c/p\u003e"
}
],
"value": "Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application\u0027s confidentiality. There is no impact on integrity or availability"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T00:37:24.590Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3561861"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Server Side Request Forgery (SSRF) in SAP CRM and SAP S/4 HANA (Interaction Center)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2025-27430",
"datePublished": "2025-03-11T00:37:24.590Z",
"dateReserved": "2025-02-25T09:29:51.244Z",
"dateUpdated": "2025-03-11T02:06:54.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27430 (GCVE-0-2025-27430)
Vulnerability from cvelistv5 – Published: 2025-03-11 00:37 – Updated: 2025-03-11 02:06
VLAI?
Title
Server Side Request Forgery (SSRF) in SAP CRM and SAP S/4 HANA (Interaction Center)
Summary
Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application's confidentiality. There is no impact on integrity or availability
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP CRM and SAP S/4HANA (Interaction Center) |
Affected:
S4CRM 100
Affected: 200 Affected: 204 Affected: 205 Affected: 206 Affected: S4FND 102 Affected: 103 Affected: 104 Affected: 105 Affected: 106 Affected: 107 Affected: 108 Affected: S4CEXT 107 Affected: BBPCRM 701 Affected: 702 Affected: 712 Affected: 713 Affected: 714 Affected: WEBCUIF 701 Affected: 731 Affected: 746 Affected: 747 Affected: 748 Affected: 800 Affected: 801 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27430",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T02:06:37.325274Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T02:06:54.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP CRM and SAP S/4HANA (Interaction Center)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "S4CRM 100"
},
{
"status": "affected",
"version": "200"
},
{
"status": "affected",
"version": "204"
},
{
"status": "affected",
"version": "205"
},
{
"status": "affected",
"version": "206"
},
{
"status": "affected",
"version": "S4FND 102"
},
{
"status": "affected",
"version": "103"
},
{
"status": "affected",
"version": "104"
},
{
"status": "affected",
"version": "105"
},
{
"status": "affected",
"version": "106"
},
{
"status": "affected",
"version": "107"
},
{
"status": "affected",
"version": "108"
},
{
"status": "affected",
"version": "S4CEXT 107"
},
{
"status": "affected",
"version": "BBPCRM 701"
},
{
"status": "affected",
"version": "702"
},
{
"status": "affected",
"version": "712"
},
{
"status": "affected",
"version": "713"
},
{
"status": "affected",
"version": "714"
},
{
"status": "affected",
"version": "WEBCUIF 701"
},
{
"status": "affected",
"version": "731"
},
{
"status": "affected",
"version": "746"
},
{
"status": "affected",
"version": "747"
},
{
"status": "affected",
"version": "748"
},
{
"status": "affected",
"version": "800"
},
{
"status": "affected",
"version": "801"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUnder certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application\u0027s confidentiality. There is no impact on integrity or availability\u003c/p\u003e"
}
],
"value": "Under certain conditions, an SSRF vulnerability in SAP CRM and SAP S/4HANA (Interaction Center) allows an attacker with low privileges to access restricted information. This flaw enables the attacker to send requests to internal network resources, thereby compromising the application\u0027s confidentiality. There is no impact on integrity or availability"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T00:37:24.590Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3561861"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Server Side Request Forgery (SSRF) in SAP CRM and SAP S/4 HANA (Interaction Center)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2025-27430",
"datePublished": "2025-03-11T00:37:24.590Z",
"dateReserved": "2025-02-25T09:29:51.244Z",
"dateUpdated": "2025-03-11T02:06:54.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}