{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"S/4HANA HCM Portugal and SAP ERP HCM Portugal versions S4HCMCPT 100, 101, SAP_HRCPT 600, 604 et 608","product":{"name":"S/4HANA","vendor":{"name":"SAP","scada":false}}},{"description":"Service Parts Management (SPM) versions SAP_APPL 600, 602, 603, 604, 605, 606, 616, 617, 618, SAPSCORE 111, S4CORE 100, 101 et 102","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver (Visual Composer development server) version VCFRAMEWORK 7.50","product":{"name":"NetWeaver","vendor":{"name":"SAP","scada":false}}},{"description":"Supplier Relationship Management (Master Data Management Catalog) version SRM_MDM_CAT 7.52","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"BusinessObjects Business Intelligence Platform versions ENTERPRISE 420, 430 et 2025","product":{"name":"Business Objects Business Intelligence Platform","vendor":{"name":"SAP","scada":false}}},{"description":"Business Objects Business Intelligence Platform (PMW) versions ENTERPRISE 430, 2025 et 2027","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"NetWeaver Application Server ABAP et ABAP Platform versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 751, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757 et SAP_BASIS 758","product":{"name":"NetWeaver Application Server ABAP et ABAP Platform","vendor":{"name":"SAP","scada":false}}},{"description":"Data Services Management Console version SBOP DS JOB SERVER 4.3","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Digital Manufacturing (Production Operator Dashboard) version CTNR-DME-PODFOUNDATION-MS 1.0","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Fiori for SAP ERP versions SAP_GWFND 740, 750, 751, 752, 753, 754, 755, 756, 757 et 758","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"S4/HANA (OData meta-data property) versions S4CORE 102, 103, 104, 105 et 106","product":{"name":"S/4HANA","vendor":{"name":"SAP","scada":false}}},{"description":"S/4HANA (Private Cloud & On-Premise) versions S4CRM 204, 205, 206, S4CEXT 107, 108, BBPCRM 702, 712, 713, 714","product":{"name":"S/4HANA","vendor":{"name":"SAP","scada":false}}},{"description":"S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) versions S4CORE 102, 103, 104, 105, 106, 107, 108, SCM_BASIS 700, 701, 702, 712, 713 et 714","product":{"name":"S/4HANA","vendor":{"name":"SAP","scada":false}}},{"description":"Gateway Client versions SAP_GWFND 752, 753, 754, 755, 756, 757 et 758","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Supplier Relationship Management (Live Auction Cockpit) version SRM_SERVER 7.14","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Service Parts Management (SPM) versions SAP_APPL 617, 618, SAPSCORE 116, S4CORE 100, 101, 102 et 103","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"PDCE versions S4CORE 102, 103, S4COREOP 104, 105, 106, 107 et 108","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"Landscape Transformation (PCL Basis) versions DMIS 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2018_1_752, 2020, S4CORE 102, 103, 104, 105, 106, 107 et 108","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}},{"description":"GUI for Windows version BC-FES-GUI 8.00","product":{"name":"N/A","vendor":{"name":"SAP","scada":false}}}],"affected_systems_content":"","content":"## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des correctifs (cf. section Documentation).","cves":[{"name":"CVE-2025-43003","url":"https://www.cve.org/CVERecord?id=CVE-2025-43003"},{"name":"CVE-2025-43007","url":"https://www.cve.org/CVERecord?id=CVE-2025-43007"},{"name":"CVE-2025-23191","url":"https://www.cve.org/CVERecord?id=CVE-2025-23191"},{"name":"CVE-2025-42999","url":"https://www.cve.org/CVERecord?id=CVE-2025-42999"},{"name":"CVE-2025-43009","url":"https://www.cve.org/CVERecord?id=CVE-2025-43009"},{"name":"CVE-2025-43011","url":"https://www.cve.org/CVERecord?id=CVE-2025-43011"},{"name":"CVE-2025-43006","url":"https://www.cve.org/CVERecord?id=CVE-2025-43006"},{"name":"CVE-2025-0060","url":"https://www.cve.org/CVERecord?id=CVE-2025-0060"},{"name":"CVE-2025-30012","url":"https://www.cve.org/CVERecord?id=CVE-2025-30012"},{"name":"CVE-2025-43000","url":"https://www.cve.org/CVERecord?id=CVE-2025-43000"},{"name":"CVE-2025-43004","url":"https://www.cve.org/CVERecord?id=CVE-2025-43004"},{"name":"CVE-2025-31324","url":"https://www.cve.org/CVERecord?id=CVE-2025-31324"},{"name":"CVE-2025-43005","url":"https://www.cve.org/CVERecord?id=CVE-2025-43005"},{"name":"CVE-2025-43008","url":"https://www.cve.org/CVERecord?id=CVE-2025-43008"},{"name":"CVE-2025-31329","url":"https://www.cve.org/CVERecord?id=CVE-2025-31329"},{"name":"CVE-2025-30009","url":"https://www.cve.org/CVERecord?id=CVE-2025-30009"},{"name":"CVE-2025-30011","url":"https://www.cve.org/CVERecord?id=CVE-2025-30011"},{"name":"CVE-2025-43002","url":"https://www.cve.org/CVERecord?id=CVE-2025-43002"},{"name":"CVE-2025-26662","url":"https://www.cve.org/CVERecord?id=CVE-2025-26662"},{"name":"CVE-2025-30010","url":"https://www.cve.org/CVERecord?id=CVE-2025-30010"},{"name":"CVE-2025-42997","url":"https://www.cve.org/CVERecord?id=CVE-2025-42997"},{"name":"CVE-2025-0061","url":"https://www.cve.org/CVERecord?id=CVE-2025-0061"},{"name":"CVE-2025-43010","url":"https://www.cve.org/CVERecord?id=CVE-2025-43010"},{"name":"CVE-2024-39592","url":"https://www.cve.org/CVERecord?id=CVE-2024-39592"},{"name":"CVE-2025-30018","url":"https://www.cve.org/CVERecord?id=CVE-2025-30018"}],"links":[],"reference":"CERTFR-2025-AVI-0396","revisions":[{"description":"Version initiale","revision_date":"2025-05-13T00:00:00.000000"},{"description":"Ajout des identifiants CVE CVE-2025-0060, CVE-2025-0061 et CVE-2025-23191","revision_date":"2025-06-12T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Non sp\u00e9cifi\u00e9 par l'\u00e9diteur"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP. Certaines d'entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0 distance (XSS).","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP","vendor_advisories":[{"published_at":"2025-05-13","title":"Bulletin de s\u00e9curit\u00e9 SAP may-2025","url":"https://support.sap.com/en/my-support/knowledge-base/security-notes-news/may-2025.html"}]}