Remote Username Retrieval Vulnerability in SAP KMC WPC
CVE-2025-26657

5.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP Kmc WPc
Vendor: CVE Published:; 8 April 2025

Summary

The vulnerability in SAP KMC WPC allows an unauthenticated attacker to execute a simple parameter query to remotely retrieve usernames, potentially leading to a compromise of sensitive information. While this exposure affects the confidentiality of the application, it does not impact data integrity or availability. Organizations using SAP KMC WPC should remain vigilant and consider implementing additional security measures.

Affected Version(s)

SAP KMC WPC KMC-WPC 7.50

References

https://me.sap.com/notes/3568307

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 8, 2025
Vulnerability Reserved
Feb 12, 2025