CVE-2025-42973 Information
Jul 09, 2025
cve
Description
Due to a Cross-Site Scripting vulnerability in SAP Data Services Management Console an authenticated attacker could exploit the search functionality associated with DQ job status reports. By intercepting requests malicious script can be injected and subsequently executed when a user loads the affected page. This results in a limited impact on the confidentiality and integrity of user session information while availability remains unaffected.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Reference
https://me.sap.com/notes/3606103 https://url.sap/sapsecuritypatchday https://url.sap/sapsecuritypatchday
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
5.4
Related CNNVD
CNNVD-202507-810 (Published: 2025-07-08)
Share on: