CVE-2025-42988— SAP Business Objects Business Intelligence Platform 代码问题漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2025-42988の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Server-Side Request Forgery in SAP Business Objects Business Intelligence Platform
ソース: NVD (National Vulnerability Database)
脆弱性説明
Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. This disclosure of information could further enable the researcher to cause SSRF. It has no impact on integrity and availability of the application.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
服务端请求伪造(SSRF)
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
SAP Business Objects Business Intelligence Platform 代码问题漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
SAP Business Objects Business Intelligence Platform是德国思爱普(SAP)公司的一套商业智能软件和企业绩效解决方案套件。该产品具有报告生成、分析和数据可视化等功能。 SAP Business Objects Business Intelligence Platform存在代码问题漏洞,该漏洞源于允许枚举HTTP端点,可能导致SSRF。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| SAP_SE | SAP Business Objects Business Intelligence Platform | ENTERPRISE 430 | - |
II. CVE-2025-42988の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2025-42988のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · SAP_SE · 2025-06-10 · 16 CVEs total
| CVE-2025-42989 | 9.6 CRITICAL | Missing Authorization check in SAP NetWeaver Application Server for ABAP |
| CVE-2025-42982 | 8.8 HIGH | Information Disclosure in SAP GRC (AC Plugin) |
| CVE-2025-42983 | 8.5 HIGH | Missing Authorization check in SAP Business Warehouse and SAP Plug-In Basis |
| CVE-2025-23192 | 8.2 HIGH | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (BI |
| CVE-2025-42977 | 7.6 HIGH | Directory Traversal vulnerability in SAP NetWeaver Visual Composer |
| CVE-2025-42994 | 7.5 HIGH | Multiple vulnerabilities in SAP MDM Server |
| CVE-2025-42995 | 7.5 HIGH | Multiple vulnerabilities in SAP MDM Server |
| CVE-2025-42993 | 6.7 MEDIUM | Missing Authorization Check in SAP S/4HANA (Enterprise Event Enablement) |
| CVE-2025-31325 | 5.8 MEDIUM | Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver (ABAP Keyword Documentation) |
| CVE-2025-42996 | 5.6 MEDIUM | Multiple vulnerabilities in SAP MDM Server |
| CVE-2025-42984 | 5.4 MEDIUM | Missing Authorization check in SAP S/4HANA (Manage Central Purchase Contract application) |
| CVE-2025-42998 | 5.3 MEDIUM | Security misconfiguration vulnerability in SAP Business One Integration Framework |
| CVE-2025-42991 | 4.3 MEDIUM | Missing Authorization check in SAP S/4HANA (Bank Account Application) |
| CVE-2025-42987 | 4.3 MEDIUM | Missing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statement) |
| CVE-2025-42990 | 3.0 LOW | HTML Injection in Unprotected SAPUI5 applications |
IV. 関連脆弱性
- CVE-2025-23185
Information Disclosure in SAP Business Objects Business Inte - CVE-2020-6220
SAP Business Objects Business Intelligence Platform 跨站脚本漏洞 - CVE-2022-24398
SAP Business Objects Business Intelligence Platform 信息泄露漏洞 - CVE-2020-6294
SAP Business Objects Business Intelligence Platform 访问控制错误漏洞 - CVE-2020-6269
SAP Business Objects Business Intelligence Platform 信息泄露漏洞
同じベンダー: SAP_SE
- CVE-2026-34264
Information Disclosure vulnerability in SAP Human Capital Ma - CVE-2026-34262
Information Disclosure Vulnerability in SAP HANA Cockpit and - CVE-2026-34261
Missing Authorization check in SAP Business Analytics and SA - CVE-2026-34257
Open Redirect vulnerability in SAP NetWeaver Application Ser - CVE-2026-34256
Missing Authorization check in SAP ERP and SAP S/4 HANA (Pri
同じ弱点: CWE-918
- CVE-2026-8193
Akaunting Invoice PDF Rendering dompdf.php server-side reque - CVE-2026-44313
LinkWarden: Server-Side Request Forgery (SSRF) in Link Creat - CVE-2026-42352
pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processe - CVE-2026-42346
Postiz: TOCTOU DNS rebinding bypasses all SSRF URL validatio - CVE-2026-42339
New API: SSRF Filter Bypass via 0.0.0.0
V. CVE-2025-42988へのコメント
まだコメントはありません