Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-42897

Summary
Assigner-sap
Assigner Org ID-e4686d1a-f260-4930-ac4c-2f5c992778dd
Published At-11 Nov, 2025 | 00:19
Updated At-12 Nov, 2025 | 20:09
Rejected At-
Credits

Information Disclosure vulnerability in SAP Business One (SLD)

Due to information disclosure vulnerability in anonymous API provided by SAP Business One (SLD), an attacker with normal user access could gain access to unauthorized information. As a result, it has a low impact on the confidentiality of the application but no impact on the integrity and availability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:sap
Assigner Org ID:e4686d1a-f260-4930-ac4c-2f5c992778dd
Published At:11 Nov, 2025 | 00:19
Updated At:12 Nov, 2025 | 20:09
Rejected At:
▼CVE Numbering Authority (CNA)
Information Disclosure vulnerability in SAP Business One (SLD)

Due to information disclosure vulnerability in anonymous API provided by SAP Business One (SLD), an attacker with normal user access could gain access to unauthorized information. As a result, it has a low impact on the confidentiality of the application but no impact on the integrity and availability.

Affected Products
Vendor
SAP SESAP_SE
Product
SAP Business One (SLD)
Default Status
unaffected
Versions
Affected
  • B1_ON_HANA 10.0
  • SAP-M-BO 10.0
Problem Types
TypeCWE IDDescription
CWECWE-522CWE-522: Insufficiently Protected Credentials
Type: CWE
CWE ID: CWE-522
Description: CWE-522: Insufficiently Protected Credentials
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://me.sap.com/notes/3652901
N/A
https://url.sap/sapsecuritypatchday
N/A
Hyperlink: https://me.sap.com/notes/3652901
Resource: N/A
Hyperlink: https://url.sap/sapsecuritypatchday
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@sap.com
Published At:11 Nov, 2025 | 01:15
Updated At:12 Nov, 2025 | 16:19

Due to information disclosure vulnerability in anonymous API provided by SAP Business One (SLD), an attacker with normal user access could gain access to unauthorized information. As a result, it has a low impact on the confidentiality of the application but no impact on the integrity and availability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-522Primarycna@sap.com
CWE ID: CWE-522
Type: Primary
Source: cna@sap.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://me.sap.com/notes/3652901cna@sap.com
N/A
https://url.sap/sapsecuritypatchdaycna@sap.com
N/A
Hyperlink: https://me.sap.com/notes/3652901
Source: cna@sap.com
Resource: N/A
Hyperlink: https://url.sap/sapsecuritypatchday
Source: cna@sap.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

59Records found
CVE-2021-39342
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 32.86%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 19:39
Updated-31 Mar, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Credova_Financial <= 1.4.8 Sensitive Information Disclosure

The Credova_Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8.

Action-Not Available
Vendor-credovaCredova Financial
Product-financialCredova_Financial
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-32280
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.80%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 13:37
Updated-14 Jan, 2026 | 18:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials in some Intel(R) Server Product OpenBMC firmware before versions egs-1.05 may allow an unauthenticated user to enable information disclosure via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-openbmcxeon_platinum_8468xeon_gold_6421nxeon_platinum_8468hxeon_gold_6448hxeon_gold_6442yxeon_platinum_8471nxeon_gold_6448yxeon_platinum_8490hxeon_gold_6438y\+xeon_gold_6414uxeon_gold_5433nxeon_gold_6458qxeon_platinum_8454hxeon_platinum_8460hxeon_gold_6444yxeon_platinum_8480\+xeon_gold_6423nxeon_gold_5403nxeon_gold_5423nxeon_gold_6403nxeon_gold_6418hxeon_gold_5411nxeon_gold_5415\+xeon_platinum_8470xeon_silver_4410yxeon_platinum_8452yxeon_platinum_8458pxeon_gold_5412uxeon_gold_6434xeon_platinum_8462y\+xeon_gold_6438nxeon_silver_4410txeon_platinum_8461vxeon_gold_6434hxeon_gold_6426yxeon_gold_6443nxeon_gold_6428nxeon_platinum_8450hxeon_platinum_8470nxeon_gold_6454sxeon_gold_5420\+xeon_gold_5416sxeon_platinum_8460y\+xeon_gold_6430xeon_gold_6416hxeon_gold_5418yxeon_gold_5418nxeon_bronze_3408uxeon_platinum_8444hxeon_gold_6438mxeon_gold_6433nexeon_gold_6433nxeon_platinum_8468vIntel(R) Server Product OpenBMC firmwareeagle_stream
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-23463
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 28.59%
||
7 Day CHG~0.00%
Published-15 Feb, 2023 | 00:00
Updated-19 Mar, 2025 | 16:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sunell DVR – Insufficiently Protected Credentials

Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified request.

Action-Not Available
Vendor-sunellsecuritySunell
Product-sn-adr3808e2_firmwaresn-xvr3808e2_firmwaresn-xvr3808e2sn-adr3804e1_firmwaresn-adr3816e1sn-adr3804e1sn-adr3808e1sn-adr3816e1_firmwaresn-adr3816e2_firmwaresn-adr3808e1_firmwaresn-adr3816e2sn-xvr3804e1_firmwaresn-adr3808e2sn-xvr3804e1DVR
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-30169
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-5.3||MEDIUM
EPSS-0.95% / 75.99%
||
7 Day CHG~0.00%
Published-28 Apr, 2021 | 09:30
Updated-17 Sep, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MERIT LILIN ENT.CO.,LTD. P2/Z2/P3/Z3 IP camera - Sensitive Data Exposure-2

The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant user’s credential.

Action-Not Available
Vendor-meritlilinMERIT LILIN ENT.CO.,LTD.
Product-p2g1022x_firmwarep2r8822e4_firmwarep3r6322e2_firmwarez2r6422ax-pz3r6422x3z2r6452ax-pp3r8822e2z2r8152x2-p_firmwarep2r6522e2_firmwarez2r8852ax_firmwarep2r6822e2p2g1022z2r8152x-pp3r6522e2_firmwarez2r6522xz2r8152x2-pp2r6852e4p2g1022_firmwarep2r8852e2z2r6422axz3r8922x3p2r6322ae2p2r6852e2_firmwarep2r6522e4p2r6352ae2_firmwarez2r8852axp2r8852e4_firmwarep2r6322ae2_firmwarez2r8822ax_firmwarez2r6522x_firmwarep2g1022xz3r6422x3_firmwarep2r6522e2z2r8122x2-pp2r6822e4p2r6552e4_firmwarez2r8022ex25z2r8052ex25z2r8822axp2r8822e2p2r6552e2z2r8122x-p_firmwarez2r6422ax-p_firmwarep2r6552e2_firmwarez2r6422ax_firmwarep2r6352ae4_firmwarez2r6552xp2r8852e2_firmwarez2r6552x_firmwarez2r8152x-p_firmwarez2r6452axp2r3052ae2_firmwarep2g1052_firmwarez2r8122x-pp2r6852e2p2r3022ae2_firmwarep2r3052ae2p2r6322ae4_firmwarep3r6322e2p2r6822e2_firmwarep2r8822e2_firmwarez2r6452ax_firmwarep2r6352ae2z2r8022ex25_firmwarep2r6322ae4p2r3022ae2p3r6522e2z3r6522xp2r8822e4p2r6852e4_firmwarep2r6552e4z3r6522x_firmwarep3r8822e2_firmwarep2g1052p2r8852e4z2r8122x2-p_firmwarep2r6822e4_firmwarep2r6522e4_firmwarez2r6452ax-p_firmwarez3r8922x3_firmwarep2r6352ae4z2r8052ex25_firmwareP2/Z2/P3/Z3 IP camera firmware
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-13187
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.05% / 16.43%
||
7 Day CHG~0.00%
Published-14 Nov, 2025 | 22:02
Updated-04 Feb, 2026 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Intelbras ICIP acessodeusuario.xml credentials storage

A security vulnerability has been detected in Intelbras ICIP 2.0.20. Affected is an unknown function of the file /xml/sistema/acessodeusuario.xml. Such manipulation of the argument NomeUsuario/SenhaAcess leads to unprotected storage of credentials. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-intelbrasIntelbras
Product-icip_30_firmwareicip_30ICIP
CWE ID-CWE-256
Plaintext Storage of a Password
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-10879
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.7||HIGH
EPSS-0.05% / 16.11%
||
7 Day CHG~0.00%
Published-25 Sep, 2025 | 16:31
Updated-29 Sep, 2025 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficiently Protected Credentials in Dingtian DT-R002

All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to retrieve the current user's username without authentication.

Action-Not Available
Vendor-dingtian-techDingtian
Product-dt-r002_firmwaredt-r002DT-R002
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-7813
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.73% / 72.27%
||
7 Day CHG~0.00%
Published-15 Aug, 2024 | 03:00
Updated-19 Aug, 2024 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Prison Management System Profile Image insufficiently protected credentials

A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. This issue affects some unknown processing of the file /uploadImage/Profile/ of the component Profile Image Handler. The manipulation leads to insufficiently protected credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-prison_management_systemPrison Management Systemprison_management_system
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2020-2119
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.21%
||
7 Day CHG~0.00%
Published-12 Feb, 2020 | 14:35
Updated-04 Aug, 2024 | 07:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credentials in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure.

Action-Not Available
Vendor-Jenkins
Product-azure_adJenkins Azure AD Plugin
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2025-27926
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.08% / 22.58%
||
7 Day CHG~0.00%
Published-10 Mar, 2025 | 00:00
Updated-29 Jan, 2026 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users.

Action-Not Available
Vendor-nintexNintex
Product-automationAutomation
CWE ID-CWE-276
Incorrect Default Permissions
CWE ID-CWE-522
Insufficiently Protected Credentials
  • Previous
  • 1
  • 2
  • Next
Details not found