CVE-2025-42884

Medium CVSS: 6.5

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment properties or pass a URL used during JNDI lookup operations, enabling access to an unintended JNDI provider.�This could further lead to disclosure or modification of information about the server. There is no impact on availability.

Vendor

Product

CWE

CWE-943

Yayın Tarihi

2025-11-11 01:15:36

Güncelleme

2025-11-12 16:19:59

Source Identifier

cna@sap.com

KEV Date Added

Kategoriler

CWE-943 MEDIUM 2025

Referanslar

https://me.sap.com/notes/3660969 https://url.sap/sapsecuritypatchday