{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-42951", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2025-04-16T13:25:37.188Z", "datePublished": "2025-08-12T02:08:43.494Z", "dateUpdated": "2026-02-26T17:49:44.191Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP Business One (SLD)", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "B1_ON_HANA 10.0"}, {"status": "affected", "version": "SAP-M-BO 10.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Due to broken authorization, SAP Business One (SLD) allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API.\ufffdAs a result , it has a high impact on the confidentiality, integrity, and availability of the application.</p>"}], "value": "Due to broken authorization, SAP Business One (SLD) allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API.\ufffdAs a result , it has a high impact on the confidentiality, integrity, and availability of the application."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2025-08-12T02:08:43.494Z"}, "references": [{"url": "https://me.sap.com/notes/3625403"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Broken Authorization in SAP Business One (SLD)", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-42951", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-13T15:03:54.944620Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T17:49:44.191Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-42951", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-13T15:03:54.944620Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-12T13:31:49.843Z"}}], "cna": {"title": "Broken Authorization in SAP Business One (SLD)", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP Business One (SLD)", "versions": [{"status": "affected", "version": "B1_ON_HANA 10.0"}, {"status": "affected", "version": "SAP-M-BO 10.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3625403"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Due to broken authorization, SAP Business One (SLD) allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API.\ufffdAs a result , it has a high impact on the confidentiality, integrity, and availability of the application.", "supportingMedia": [{"type": "text/html", "value": "<p>Due to broken authorization, SAP Business One (SLD) allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API.\ufffdAs a result , it has a high impact on the confidentiality, integrity, and availability of the application.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2025-08-12T02:08:43.494Z"}}}, "cveMetadata": {"cveId": "CVE-2025-42951", "state": "PUBLISHED", "dateUpdated": "2025-08-13T20:20:08.630Z", "dateReserved": "2025-04-16T13:25:37.188Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2025-08-12T02:08:43.494Z", "assignerShortName": "sap"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Due to broken authorization, SAP Business One (SLD) allows an authenticated attacker to gain administrator privileges of a database by invoking the corresponding API.\ufffdAs a result , it has a high impact on the confidentiality, integrity, and availability of the application."}, {"lang": "es", "value": "Debido a una autorizaci\u00f3n rota, SAP Business One (SLD) permite que un atacante autenticado obtenga privilegios de administrador de una base de datos invocando la API correspondiente. Como resultado, tiene un alto impacto en la confidencialidad, integridad y disponibilidad de la aplicaci\u00f3n."}], "id": "CVE-2025-42951", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@sap.com", "type": "Secondary"}]}, "published": "2025-08-12T03:15:27.977", "references": [{"source": "cna@sap.com", "url": "https://me.sap.com/notes/3625403"}, {"source": "cna@sap.com", "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "cna@sap.com", "type": "Secondary"}]}

{}

{"created": "2025-08-12T07:36:53.776161+00:00", "updated": "2025-08-12T07:36:53.776215+00:00", "vendors": ["sap", "sap$PRODUCT$business_one"]}