[CIAD-2025-0042] Multiple vulnerabilities in SAP Products

Published On: November 13, 2025

Multiple vulnerabilities in SAP Products 
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: High
Software Affected
SQL Anywhere Monitor (Non-Gui)
SAP NetWeaver AS Java
SAP Solution Manager
SAP CommonCryptoLib
SAP HANA JDBC Client
SAP Business Connector
SAP NetWeaver Enterprise Portal
SAP S/4HANA landscape (SAP E-Recruiting BSP)
SAP HANA 2.0 (hdbrss)
SAP GUI for Windows
SAP Starter Solution (PL SAFT)
SAP NetWeaver Application Server Java
SAP Business One (SLD)
SAP S4CORE (Manage Journal Entries)
SAP NetWeaver Application Server for ABAP
SAP Fiori for SAP ERP
SAP NetWeaver Application Server for ABAP (Migration Workbench)
Overview
Multiple vulnerabilities have been reported, which could be exploited by an attacker to disclose sensitive information, gain elevated privileges, execute arbitrary code, cause malicious URL redirection, cause a denial-of-service condition, perform Cross-Site Scripting (XSS), perform cache poisoning, and upload malicious files on the targeted system.
Target Audience:
SAP system administrators, SAP security teams, IT infrastructure teams managing SAP landscapes, and application developers using affected SAP products.
Risk Assessment:
Potential for system compromise, data exposure, unauthorized access, privilege abuse, service disruption, arbitrary file upload.
Impact Assessment:
High risk of data breach, execution of arbitrary code, full system compromise, unavailability, security control bypass, and operational disruption.
Description
Multiple vulnerabilities have been reported in SAP products.
Solution
Apply appropriate updates as mentioned by the vendor:  
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/november-2025.html
Vendor Information
SAP
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/november-2025.html
References
SAP
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/november-2025.html
CVE Name
CVE-2025-42890
CVE-2025-42944
CVE-2025-42887
CVE-2025-42940
CVE-2025-42895
CVE-2025-42892
CVE-2025-42894
CVE-2025-42884
CVE-2025-42924
CVE-2025-42893
CVE-2025-42886
CVE-2025-42885
CVE-2025-42888
CVE-2025-42889
CVE-2025-42919
CVE-2025-42897
CVE-2025-42899
CVE-2025-42882
CVE-2025-23191
CVE-2025-42883
--
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003