Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-43000— Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform (PMW)

CVSS 7.9 · High EPSS 0.07% · P22
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-43000

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Information Disclosure Vulnerability in SAP Business Objects Business Intelligence Platform (PMW)
Source: NVD (National Vulnerability Database)
Vulnerability Description
Under certain conditions Promotion Management Wizard (PMW) allows an attacker to access information which would otherwise be restricted.This has High impact on Confidentiality with Low impact on Integrity and Availability of the application.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制缺失
Source: NVD (National Vulnerability Database)
Vulnerability Title
SAP Business Objects Business Intelligence Platform 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SAP Business Objects Business Intelligence Platform是德国思爱普(SAP)公司的一套商业智能软件和企业绩效解决方案套件。该产品具有报告生成、分析和数据可视化等功能。 SAP Business Objects Business Intelligence Platform存在安全漏洞,该漏洞源于访问控制不当,可能导致信息泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
SAP_SESAP Business Objects Business Intelligence Platform (PMW) ENTERPRISE 430 -

II. Public POCs for CVE-2025-43000

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-43000

登录查看更多情报信息。

Same Patch Batch · SAP_SE · 2025-05-13 · 20 CVEs total

CVE-2025-3001210.0 CRITICALMultiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)
CVE-2025-429999.1 CRITICALInsecure Deserialization in SAP NetWeaver (Visual Composer development server)
CVE-2025-300188.6 HIGHMultiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)
CVE-2025-430108.3 HIGHCode injection vulnerability in SAP S/4HANA Cloud Private Edition or On Premise(SCM Master
CVE-2025-430117.7 HIGHMissing Authorization Check in SAP Landscape Transformation (PCL Basis)
CVE-2025-429976.6 MEDIUMInformation Disclosure vulnerability in SAP Gateway Client
CVE-2025-430036.4 MEDIUMInformation Disclosure vulnerability in SAP S/4HANA (Private Cloud & On-Premise)
CVE-2025-430076.3 MEDIUMMissing Authorization check in SAP Service Parts Management (SPM)
CVE-2025-430096.3 MEDIUMMissing Authorization check in SAP Service Parts Management (SPM)
CVE-2025-313296.2 MEDIUMInformation Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Pla
CVE-2025-300096.1 MEDIUMMultiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)
CVE-2025-430066.1 MEDIUMCross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (Master D
CVE-2025-300106.1 MEDIUMMultiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)
CVE-2025-430085.8 MEDIUMMissing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal
CVE-2025-430045.3 MEDIUMSecurity Misconfiguration Vulnerability in SAP Digital Manufacturing (Production Operator
CVE-2025-300115.3 MEDIUMMultiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)
CVE-2025-266624.4 MEDIUMCross-Site Scripting (XSS) vulnerability in the SAP Data Services Management Console
CVE-2025-430024.3 MEDIUMMissing Authorization check in SAP S4/HANA (OData meta-data property)
CVE-2025-430054.3 MEDIUMInformation Disclosure vulnerability in SAP GUI for Windows

IV. Related Vulnerabilities

Same vendor: SAP_SE
Same weakness: CWE-862

V. Comments for CVE-2025-43000

No comments yet

Leave a comment