{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-30014", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2025-03-13T18:03:35.489Z", "datePublished": "2025-04-08T07:14:25.929Z", "dateUpdated": "2025-04-08T13:23:38.179Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP Capital Yield Tax Management", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "CYTERP 420_700"}, {"status": "affected", "version": "CYT 800"}, {"status": "affected", "version": "IBS 7.0"}, {"status": "affected", "version": "CYT4HANA 100"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>SAP Capital Yield Tax Management has directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from directory which they don\ufffdt have access to, hence causing a high impact on confidentiality. Integrity and Availability are not affected.</p>"}], "value": "SAP Capital Yield Tax Management has directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from directory which they don\ufffdt have access to, hence causing a high impact on confidentiality. Integrity and Availability are not affected."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-35", "description": "CWE-35: Path Traversal", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2025-04-08T07:14:25.929Z"}, "references": [{"url": "https://me.sap.com/notes/2927164"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Directory Traversal vulnerability in SAP Capital Yield Tax Management", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-08T13:23:29.480155Z", "id": "CVE-2025-30014", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T13:23:38.179Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-30014", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-08T13:23:29.480155Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T13:23:33.677Z"}}], "cna": {"title": "Directory Traversal vulnerability in SAP Capital Yield Tax Management", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP Capital Yield Tax Management", "versions": [{"status": "affected", "version": "CYTERP 420_700"}, {"status": "affected", "version": "CYT 800"}, {"status": "affected", "version": "IBS 7.0"}, {"status": "affected", "version": "CYT4HANA 100"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/2927164"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "SAP Capital Yield Tax Management has directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from directory which they don\ufffdt have access to, hence causing a high impact on confidentiality. Integrity and Availability are not affected.", "supportingMedia": [{"type": "text/html", "value": "<p>SAP Capital Yield Tax Management has directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from directory which they don\ufffdt have access to, hence causing a high impact on confidentiality. Integrity and Availability are not affected.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-35", "description": "CWE-35: Path Traversal"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2025-04-08T07:14:25.929Z"}}}, "cveMetadata": {"cveId": "CVE-2025-30014", "state": "PUBLISHED", "dateUpdated": "2025-04-08T13:23:38.179Z", "dateReserved": "2025-03-13T18:03:35.489Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2025-04-08T07:14:25.929Z", "assignerShortName": "sap"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SAP Capital Yield Tax Management has directory traversal vulnerability due to insufficient path validation. This could allow an attacker with low privileges to read files from directory which they don\ufffdt have access to, hence causing a high impact on confidentiality. Integrity and Availability are not affected."}, {"lang": "es", "value": "SAP Capital Yield Tax Management presenta una vulnerabilidad de directory traversal debido a una validaci\u00f3n de ruta insuficiente. Esto podr\u00eda permitir que un atacante con pocos privilegios lea archivos de un directorio al que no tiene acceso, lo que afecta gravemente la confidencialidad. La integridad y la disponibilidad no se ven afectadas."}], "id": "CVE-2025-30014", "lastModified": "2025-04-08T18:13:53.347", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "cna@sap.com", "type": "Primary"}]}, "published": "2025-04-08T08:15:17.177", "references": [{"source": "cna@sap.com", "url": "https://me.sap.com/notes/2927164"}, {"source": "cna@sap.com", "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-35"}], "source": "cna@sap.com", "type": "Primary"}]}

{}

{}