VYPR

CMC Promotion Management

by SAP

CVEs (2)

  • CVE-2025-43000HigMay 13, 2025
    risk 0.51cvss 7.9epss 0.00

    Under certain conditions Promotion Management Wizard (PMW) allows an attacker to access information which would otherwise be restricted.This has High impact on Confidentiality with Low impact on Integrity and Availability of the application.

  • CVE-2025-42965MedJul 8, 2025
    risk 0.27cvss 4.1epss 0.00

    SAP CMC Promotion Management allows an authenticated attacker to enumerate internal network systems by submitting crafted requests during job source configuration. By analysing response times for various IP addresses and ports, the attacker can infer valid network endpoints.…