Information Disclosure Vulnerability in SAP Promotion Management Wizard
CVE-2025-43000

7.9HIGH

What is CVE-2025-43000?

The SAP Promotion Management Wizard contains a vulnerability that allows an unauthorized attacker to gain access to sensitive information under certain conditions. This breach results in a compromise of data confidentiality while maintaining low impact on the integrity and availability of the application. Organizations using this tool are advised to apply relevant security patches to mitigate potential risks associated with this vulnerability.

Affected Version(s)

SAP Business Objects Business Intelligence Platform (PMW) ENTERPRISE 430

SAP Business Objects Business Intelligence Platform (PMW) 2025

SAP Business Objects Business Intelligence Platform (PMW) 2027

References

CVSS V3.1

Score:
7.9
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

.