PT-2025-1205 · Sap · Sap Business Workflow+1

Published

2025-01-13

Updated

2025-10-24

CVE-2025-0058

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions SAP Business Workflow and SAP Flexible Workflow (affected versions not specified)

Description The issue is related to the bypass of authorization in SAP Business Workflow and SAP Flexible Workflow through the use of a user-controlled key. An authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the information unavailable.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

BDU:2025-00581

CVE-2025-0058

Affected Products

Sap Business Workflow

Sap Flexible Workflow

PT-2025-1205 · Sap · Sap Business Workflow+1

CVE-2025-0058

Weakness Enumeration

Related Identifiers

Affected Products

References · 10