CNNVD-202512-1991 Information

CNNVD ID

CNNVD-202512-1991

Related CVE

CVE-2025-41358

• CNNVD Published: 2025-12-10

Description (Chinese)

i2A CronosWeb是西班牙i2A公司的一个面向SAP环境的集成和自动化工具。 i2A CronosWeb 25.00.00.12及之前版本存在安全漏洞，该漏洞源于操纵documentCode参数可能导致访问其他用户文档。

Description (English)

The i2A CronosWeb is an integrated and automated tool for the SAP environment of the Spanish company i2A. The i2A CronosWeb 25.00.00.12 and previous versions have a security loophole, which stems from the manipulation of document Code parameters that may lead to access to other user documents.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

i2A

Published

2025-12-10

Last Modified

2026-02-24

References

https://www.incibe.es/en/incibe-cert/notices/aviso/direct-reference-insecure-objects-idor-cronosweb-cronosweb-i2a https://access.redhat.com/security/cve/cve-2025-41358