发布日期：2025-07-07
更新日期：2025-08-25

受影响系统：

SAP BusinessObjects Content Administrator Workbench SAP_BW_VIRTUAL_COMP 701
SAP BusinessObjects Content Administrator Workbench SAP_BW 700
SAP BusinessObjects Content Administrator Workbench DW4CORE 100
SAP BusinessObjects Content Administrator Workbench 816
SAP BusinessObjects Content Administrator Workbench 758
SAP BusinessObjects Content Administrator Workbench 757
SAP BusinessObjects Content Administrator Workbench 756
SAP BusinessObjects Content Administrator Workbench 755
SAP BusinessObjects Content Administrator Workbench 754
SAP BusinessObjects Content Administrator Workbench 753
SAP BusinessObjects Content Administrator Workbench 752
SAP BusinessObjects Content Administrator Workbench 751
SAP BusinessObjects Content Administrator Workbench 750
SAP BusinessObjects Content Administrator Workbench 740
SAP BusinessObjects Content Administrator Workbench 731
SAP BusinessObjects Content Administrator Workbench 702
SAP BusinessObjects Content Administrator Workbench 701
SAP BusinessObjects Content Administrator Workbench 400
SAP BusinessObjects Content Administrator Workbench 300
SAP BusinessObjects Content Administrator Workbench 200

描述：

---

CVE(CAN) ID: CVE-2025-42985

SAP BusinessObjects Content Administrator workbench是德国思爱普（SAP）公司的一个用来管理报表发行功能的软件。
SAP BusinessObjects Content Administrator Workbench多个版本存在开放重定向漏洞，该漏洞源于输入过滤不足，攻击者可利用该漏洞注入恶意脚本并执行，导致用户数据泄露或修改。

<**>

建议：

---

厂商补丁：

SAP
---
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：
https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html

浏览次数：25
严重程度：0（网友投票）