CNNVD-202511-1301 Information
CNNVD ID
CNNVD-202511-1301
Related CVE
- CNNVD Published: 2025-11-11
Description (Chinese)
SAP Solution Manager是德国思爱普(SAP)公司的一套集系统监控、SAP支持桌面、自助服务、ASAP实施等多个功能为一体的系统管理平台。该平台可以帮助客户建立SAP解决方案的生命周期管理,并提供系统监控、远程支持服务和SAP产品组件升级等功能。 SAP Solution Manager存在代码注入漏洞,该漏洞源于缺少输入清理,可能导致恶意代码插入,从而完全控制系统,严重影响系统机密性、完整性和可用性。
Description (English)
SAP Solutions Manager is a system management platform with multiple functions, such as SAP system monitoring, SAP support desktops, self-service, ASAP implementation, etc. The platform helps clients to develop life-cycle management of SAP solutions and provides systems monitoring, remote support services and the upgrading of SAP product components. SAP Solution Manager has a code-infusion loophole, which stems from a lack of input clean-up, which may lead to the insertion of malicious codes, thus fully controlling the system and seriously affecting its confidentiality, integrity and availability.
Hazard Level
Low
Vulnerability Type
代码注入
Affected Vendor
思爱普
Published
2025-11-11
Last Modified
2026-02-24
References
https://me.sap.com/notes/3668705 https://url.sap/sapsecuritypatchday https://access.redhat.com/security/cve/cve-2025-42887
Patch
https://url.sap/sapsecuritypatchday
Share on: