CNNVD-202507-792 Information
CNNVD ID
CNNVD-202507-792
Related CVE
- CNNVD Published: 2025-07-07
Description (Chinese)
SAP NetWeaver ABAP Server和SAP ABAP Platform都是德国思爱普(SAP)公司的产品。SAP NetWeaver ABAP Server是一个用作 SAP 产品的 Web 应用程序服务器。SAP ABAP Platform是一个基于 ABAP 的 SAP 解决方案。 SAP NetWeaver ABAP Server和SAP ABAP Platform存在安全漏洞,该漏洞源于未验证攻击者可利用从缺失特定补丁的系统提取的HMAC凭据进行重放攻击,可能导致完全系统破解。
Description (English)
SAP NetWeaver ABAP Server and SAP ABAP Platform are products of SAP Germany. SAP NetWeaver ABAP Server is a Web application server for SAP products. SAP ABAP Platform is a SAP solution based on ABAP. There is a security loophole in SAP NetWeaver ABAP Server and SAP ABAP Platform, which stems from the failure to verify that the attackers can re-launch the attack using HMAC evidence extracted from the missing specific patches, which could lead to full system breakdown.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
思爱普
Published
2025-07-07
Last Modified
2026-02-24
References
https://nvd.nist.gov/vuln/detail/CVE-2025-42959
Patch
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html
Share on: