CVE-2025-30015

medium

Description

Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact on the confidentiality, integrity and the availability of the application.

References

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3565944

Details

Source: Mitre, NVD

Published: 2025-04-08

Updated: 2025-04-08

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:H/Au:M/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 4.1

Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L