{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T23:53:34.323","vulnerabilities":[{"cve":{"id":"CVE-2025-0067","sourceIdentifier":"cna@sap.com","published":"2025-01-14T01:15:16.950","lastModified":"2025-01-14T01:15:16.950","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for remote function calls from or to the application server. This could lead to low impact on confidentiality, integrity, and availability of the application."},{"lang":"es","value":" Debido a la falta de una verificación de autorización en los endpoints de servicio en SAP NetWeaver Application Server Java, un atacante con un rol de usuario estándar puede crear entradas de conexión JCo, que se utilizan para llamadas de funciones remotas desde o hacia el servidor de aplicaciones. Esto podría tener un impacto bajo en la confidencialidad, integridad y disponibilidad de la aplicación."}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}]},"weaknesses":[{"source":"cna@sap.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https:\/\/me.sap.com\/notes\/3540108","source":"cna@sap.com"},{"url":"https:\/\/url.sap\/sapsecuritypatchday","source":"cna@sap.com"}]}}]}