{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-26657", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2025-02-12T21:05:31.735Z", "datePublished": "2025-04-08T07:13:16.882Z", "dateUpdated": "2025-04-08T14:50:40.019Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP KMC WPC", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "KMC-WPC 7.50"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>SAP KMC WPC allows an unauthenticated attacker to remotely retrieve usernames by a simple parameter query which could expose sensitive information causing low impact on confidentiality of the application. This has no effect on integrity and availability.</p>"}], "value": "SAP KMC WPC allows an unauthenticated attacker to remotely retrieve usernames by a simple parameter query which could expose sensitive information causing low impact on confidentiality of the application. This has no effect on integrity and availability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2025-04-08T07:13:16.882Z"}, "references": [{"url": "https://me.sap.com/notes/3568307"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Information Disclosure vulnerability in SAP KMC WPC", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-08T13:14:52.149788Z", "id": "CVE-2025-26657", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T14:50:40.019Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-26657", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-08T13:14:52.149788Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T13:21:40.840Z"}}], "cna": {"title": "Information Disclosure vulnerability in SAP KMC WPC", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP KMC WPC", "versions": [{"status": "affected", "version": "KMC-WPC 7.50"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3568307"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "SAP KMC WPC allows an unauthenticated attacker to remotely retrieve usernames by a simple parameter query which could expose sensitive information causing low impact on confidentiality of the application. This has no effect on integrity and availability.", "supportingMedia": [{"type": "text/html", "value": "<p>SAP KMC WPC allows an unauthenticated attacker to remotely retrieve usernames by a simple parameter query which could expose sensitive information causing low impact on confidentiality of the application. This has no effect on integrity and availability.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2025-04-08T07:13:16.882Z"}}}, "cveMetadata": {"cveId": "CVE-2025-26657", "state": "PUBLISHED", "dateUpdated": "2025-04-08T14:50:40.019Z", "dateReserved": "2025-02-12T21:05:31.735Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2025-04-08T07:13:16.882Z", "assignerShortName": "sap"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SAP KMC WPC allows an unauthenticated attacker to remotely retrieve usernames by a simple parameter query which could expose sensitive information causing low impact on confidentiality of the application. This has no effect on integrity and availability."}, {"lang": "es", "value": "SAP KMC WPC permite que un atacante no autenticado obtenga nombres de usuario de forma remota mediante una simple consulta de par\u00e1metros, lo que podr\u00eda exponer informaci\u00f3n confidencial, con un impacto m\u00ednimo en la confidencialidad de la aplicaci\u00f3n. Esto no afecta la integridad ni la disponibilidad."}], "id": "CVE-2025-26657", "lastModified": "2025-04-08T18:13:53.347", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@sap.com", "type": "Primary"}]}, "published": "2025-04-08T08:15:16.077", "references": [{"source": "cna@sap.com", "url": "https://me.sap.com/notes/3568307"}, {"source": "cna@sap.com", "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "cna@sap.com", "type": "Primary"}]}

{}