The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NSap Netweaver
APPSap2004sSap Aba
APPSap7.00Sap Basis
APPSap7.00
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2025-42999CRITICAL9.1⚠ KEVPL ✓ten sam produkt
SAP NetWeaver Visual Composer — niebezpieczna deserializacja treści
CVE-2025-31324CRITICAL10.0⚠ KEVPL ✓ten sam produkt
SAP NetWeaver: nieautoryzowany upload plików wykonywalnych w Visual Composer
CVE-2021-38163CRITICAL9.9⚠ KEVten sam produkt
SAP NetWeaver (Visual Composer 7.0 RT) versions - 7.30, 7.31, 7.40, 7.50, without restriction, an attacker aut...
CVE-2025-0066CRITICAL9.9PL ✓ten sam produkt
SAP NetWeaver AS ABAP – nieautoryzowany dostęp do danych przez słabą kontrolę dostępu
CVE-2023-36922CRITICAL9.1ten sam produkt
Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an ...