{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T16:22:15.692","vulnerabilities":[{"cve":{"id":"CVE-2025-42987","sourceIdentifier":"cna@sap.com","published":"2025-06-10T01:15:21.860","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SAP Manage Processing Rules (For Bank Statement) allows an attacker with basic privileges to edit shared rules of any user by tampering the request parameter. Due to missing authorization check, the attacker can edit rules that should be restricted, compromising the integrity of the application."},{"lang":"es","value":"SAP Manage Processing Rules (para extractos bancarios) permite a un atacante con privilegios básicos editar las reglas compartidas de cualquier usuario manipulando el parámetro de solicitud. Debido a la falta de verificación de autorización, el atacante puede editar reglas que deberían estar restringidas, lo que compromete la integridad de la aplicación."}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"cna@sap.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://me.sap.com/notes/3596850","source":"cna@sap.com"},{"url":"https://url.sap/sapsecuritypatchday","source":"cna@sap.com"}]}}]}