CVE-2025-42903

Medium CVSS: 4.3

A vulnerability in SAP Financial Service Claims Management RFC function ICL_USER_GET_NAME_AND_ADDRESS allows user enumeration and potential disclosure of personal data through response discrepancies, causing low impact on confidentiality with no impact on integrity or availability.

Vendor

Product

CWE

CWE-204

Yayın Tarihi

2025-10-14 01:15:32

Güncelleme

2025-10-14 19:36:29

Source Identifier

cna@sap.com

KEV Date Added

Kategoriler

CWE-204 MEDIUM 2025

Referanslar

https://me.sap.com/notes/3656781 https://url.sap/sapsecuritypatchday