{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0058", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2024-12-05T21:38:15.279Z", "datePublished": "2025-01-14T00:08:59.323Z", "dateUpdated": "2025-01-14T15:00:38.824Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP Business Workflow and SAP Flexible Workflow", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "SAP_BASIS 753"}, {"status": "affected", "version": "SAP_BASIS 754"}, {"status": "affected", "version": "SAP_BASIS 755"}, {"status": "affected", "version": "SAP_BASIS 756"}, {"status": "affected", "version": "SAP_BASIS 757"}, {"status": "affected", "version": "SAP_BASIS 758"}, {"status": "affected", "version": "SAP_BASIS 912"}, {"status": "affected", "version": "SAP_BASIS 913"}, {"status": "affected", "version": "SAP_BASIS 914"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the information unavailable.</p>"}], "value": "In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the information unavailable."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2025-01-14T00:08:59.323Z"}, "references": [{"url": "https://me.sap.com/notes/3542698"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Information Disclosure vulnerability in SAP Business Workflow and SAP Flexible Workflow", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-14T15:00:27.919691Z", "id": "CVE-2025-0058", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-14T15:00:38.824Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0058", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-14T15:00:27.919691Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-14T15:00:33.754Z"}}], "cna": {"title": "Information Disclosure vulnerability in SAP Business Workflow and SAP Flexible Workflow", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP Business Workflow and SAP Flexible Workflow", "versions": [{"status": "affected", "version": "SAP_BASIS 753"}, {"status": "affected", "version": "SAP_BASIS 754"}, {"status": "affected", "version": "SAP_BASIS 755"}, {"status": "affected", "version": "SAP_BASIS 756"}, {"status": "affected", "version": "SAP_BASIS 757"}, {"status": "affected", "version": "SAP_BASIS 758"}, {"status": "affected", "version": "SAP_BASIS 912"}, {"status": "affected", "version": "SAP_BASIS 913"}, {"status": "affected", "version": "SAP_BASIS 914"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3542698"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the information unavailable.", "supportingMedia": [{"type": "text/html", "value": "<p>In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the information unavailable.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2025-01-14T00:08:59.323Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0058", "state": "PUBLISHED", "dateUpdated": "2025-01-14T15:00:38.824Z", "dateReserved": "2024-12-05T21:38:15.279Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2025-01-14T00:08:59.323Z", "assignerShortName": "sap"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:sap_basis:753:*:*:*:*:*:*:*", "matchCriteriaId": "86086D00-10BF-4C55-8D87-82CCBE468153", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:754:*:*:*:*:*:*:*", "matchCriteriaId": "2F25246A-D9E5-4F0D-B91A-478D4E5570DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:755:*:*:*:*:*:*:*", "matchCriteriaId": "0218695F-C4AD-46BF-B176-F10C644A9C2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:756:*:*:*:*:*:*:*", "matchCriteriaId": "FC9E7C3E-1005-450A-9198-E014C1BAADBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:757:*:*:*:*:*:*:*", "matchCriteriaId": "3A177AB1-CC85-46EF-91DF-462096608C9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:758:*:*:*:*:*:*:*", "matchCriteriaId": "F7591F81-708C-4285-9BB2-F2B4BDB9759B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:912:*:*:*:*:*:*:*", "matchCriteriaId": "186B1AB2-9345-450B-BBE2-14F0F650AAF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:913:*:*:*:*:*:*:*", "matchCriteriaId": "2C4A728A-DCF9-42A2-AB32-620885A0CEC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:914:*:*:*:*:*:*:*", "matchCriteriaId": "21CA6E71-AD1B-424B-9254-13785DC9F9F3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the information unavailable."}, {"lang": "es", "value": " En SAP Business Workflow y SAP Flexible Workflow, un atacante autenticado puede manipular un par\u00e1metro en una solicitud de recursos leg\u00edtima para ver informaci\u00f3n confidencial que, de otro modo, deber\u00eda estar restringida. El atacante no tiene la capacidad de modificar la informaci\u00f3n ni de hacer que no est\u00e9 disponible."}], "id": "CVE-2025-0058", "lastModified": "2025-10-24T19:22:46.037", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "cna@sap.com", "type": "Secondary"}]}, "published": "2025-01-14T01:15:16.040", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3542698"}, {"source": "cna@sap.com", "tags": ["Patch"], "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "cna@sap.com", "type": "Primary"}]}

{}

{}