Refine your search
1 vulnerability found for GRC by SAP
CERTFR-2025-AVI-0487
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et une falsification de requêtes côté serveur (SSRF).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SAP | Business Objects Business Intelligence Platform | Business Objects Business Intelligence Platform versions ENTERPRISE 430, 2025 et 2027 | ||
| SAP | NetWeaver | NetWeaver (ABAP Keyword Documentation) versions SAP_BASIS 758 | ||
| SAP | NetWeaver Visual Composer | NetWeaver Visual Composer versions VCBASE 7.50 | ||
| SAP | Business One Integration Framework | Business One Integration Framework versions B1_ON_HANA 10.0 et SAP-M-BO 10.0 | ||
| SAP | MDM Server | MDM Server versions 710.750 | ||
| SAP | S/4HANA | S/4HANA (Manage Processing Rules - For Bank Statement) versions S4CORE 104, 105, 106, 107 et 108 | ||
| SAP | SAPUI5 applications | SAPUI5 applications versions SAP_UI 750, 754, 755, 756, 757, 758 et UI_700 200 | ||
| SAP | S/4HANA | S/4HANA (Manage Central Purchase Contract application) versions S4CORE 106, 107 et 108 | ||
| SAP | S/4HANA | S/4HANA (Enterprise Event Enablement) versions SAP_GWFND 757 et 758 | ||
| SAP | GRC | GRC (AC Plugin) versions GRCPINW V1100_700 et V1100_731 | ||
| SAP | BusinessObjects Business Intelligence | BusinessObjects Business Intelligence (BI Workspace) versions ENTERPRISE 430, 2025 et 2027 | ||
| SAP | S/4HANA | S/4HANA (Bank Account Application) versions S4CORE 108 | ||
| SAP | NetWeaver Application Server pour ABAP | NetWeaver Application Server for ABAP versions KERNEL 7.89, 7.93, 9.14 et 9.15 | ||
| SAP | Business Warehouse et SAP Plug-In Basis | Business Warehouse et SAP Plug-In Basis versions PI_BASIS 2006_1_700, 701, 702, 731, 740, SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, 758, 914 et 915 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Business Objects Business Intelligence Platform versions ENTERPRISE 430, 2025 et 2027",
"product": {
"name": "Business Objects Business Intelligence Platform",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver (ABAP Keyword Documentation) versions SAP_BASIS 758",
"product": {
"name": "NetWeaver",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Visual Composer versions VCBASE 7.50",
"product": {
"name": "NetWeaver Visual Composer",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Business One Integration Framework versions B1_ON_HANA 10.0 et SAP-M-BO 10.0",
"product": {
"name": "Business One Integration Framework",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "MDM Server versions 710.750",
"product": {
"name": "MDM Server",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4HANA (Manage Processing Rules - For Bank Statement) versions S4CORE 104, 105, 106, 107 et 108",
"product": {
"name": "S/4HANA",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "SAPUI5 applications versions SAP_UI 750, 754, 755, 756, 757, 758 et UI_700 200",
"product": {
"name": "SAPUI5 applications",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4HANA (Manage Central Purchase Contract application) versions S4CORE 106, 107 et 108",
"product": {
"name": "S/4HANA",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4HANA (Enterprise Event Enablement) versions SAP_GWFND 757 et 758",
"product": {
"name": "S/4HANA",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "GRC (AC Plugin) versions GRCPINW V1100_700 et V1100_731",
"product": {
"name": "GRC",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "BusinessObjects Business Intelligence (BI Workspace) versions ENTERPRISE 430, 2025 et 2027",
"product": {
"name": "BusinessObjects Business Intelligence",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "S/4HANA (Bank Account Application) versions S4CORE 108",
"product": {
"name": "S/4HANA",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "NetWeaver Application Server for ABAP versions KERNEL 7.89, 7.93, 9.14 et 9.15",
"product": {
"name": "NetWeaver Application Server pour ABAP",
"vendor": {
"name": "SAP",
"scada": false
}
}
},
{
"description": "Business Warehouse et SAP Plug-In Basis versions PI_BASIS 2006_1_700, 701, 702, 731, 740, SAP_BW 750, 751, 752, 753, 754, 755, 756, 757, 758, 914 et 915",
"product": {
"name": "Business Warehouse et SAP Plug-In Basis",
"vendor": {
"name": "SAP",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-42987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42987"
},
{
"name": "CVE-2025-42991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42991"
},
{
"name": "CVE-2025-42996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42996"
},
{
"name": "CVE-2025-42988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42988"
},
{
"name": "CVE-2025-42995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42995"
},
{
"name": "CVE-2025-42984",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42984"
},
{
"name": "CVE-2025-42982",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42982"
},
{
"name": "CVE-2025-42993",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42993"
},
{
"name": "CVE-2025-42977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42977"
},
{
"name": "CVE-2025-31325",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31325"
},
{
"name": "CVE-2025-42983",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42983"
},
{
"name": "CVE-2025-42998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42998"
},
{
"name": "CVE-2025-42989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42989"
},
{
"name": "CVE-2025-42994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42994"
},
{
"name": "CVE-2025-23192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23192"
},
{
"name": "CVE-2025-42990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-42990"
}
],
"initial_release_date": "2025-06-11T00:00:00",
"last_revision_date": "2025-06-11T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0487",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
"vendor_advisories": [
{
"published_at": "2025-06-10",
"title": "Bulletin de s\u00e9curit\u00e9 SAP june-2025",
"url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news/june-2025.html"
}
]
}