Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-42965

SAP CMC Promotion Management allows an authenticated attacker to enumerate internal network systems by submitting crafted requests during job source configuration. By analysing response times for various IP addresses and ports, the attacker can infer valid network endpoints. Successful exploitation may lead to information disclosure. This vulnerability does not impact the integrity or availability of the application.

Published

2025-07-08T01:15:23.440

Last Modified

2025-07-08T16:18:14.207

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 4.1 (MEDIUM)

Weaknesses

Type: Primary
CWE-918

Affected Vendors & Products

References

https://me.sap.com/notes/3598118 ([email protected])
https://url.sap/sapsecuritypatchday ([email protected])