PT-2025-49770 · Sap · Sap Enterprise Search For Abap
Published
2025-12-09
·
Updated
2025-12-09
·
CVE-2025-42891
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:S/C:C/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
SAP Enterprise Search for ABAP (affected versions not specified)
Description
A missing authorization check in SAP Enterprise Search for ABAP allows an attacker with high privileges to read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on application availability. The issue involves a flaw in authorization controls, potentially allowing unauthorized access to sensitive data within database tables.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sap Enterprise Search For Abap