CNNVD-202511-1305 Information

CNNVD ID

CNNVD-202511-1305

Related CVE

CVE-2025-42884

• CNNVD Published: 2025-11-11

Description (Chinese)

SAP NetWeaver Enterprise Portal是德国思爱普（SAP）公司的一个 SAP NetWeaver的 Web 前端组件。 SAP NetWeaver Enterprise Portal存在安全漏洞，该漏洞源于未经验证的攻击者可注入JNDI环境属性或传递JNDI查找操作期间使用的URL，可能导致信息泄露或修改。

Description (English)

SAP NetWeaver Enterprise Portal is a Swedish front-end component of SAP NetWeaver of SAP Germany. The SAP NetWeaver Enterprise Portal has a security loophole, which stems from the fact that unverified assailants can inject JNDI environmental properties or transmit URLs used during the JNDI search operation, which can lead to information leaking or modification.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

思爱普

Published

2025-11-11

Last Modified

2026-02-24

References

https://me.sap.com/notes/3660969 https://url.sap/sapsecuritypatchday https://access.redhat.com/security/cve/cve-2025-42884

Patch

https://url.sap/sapsecuritypatchday