CVE-2023-40625
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and integrity with no impact on availibility of the system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP Manage Purchase Contracts App | S4CORE 102 | affected |
| SAP_SE | SAP Manage Purchase Contracts App | S4CORE 103 | affected |
| SAP_SE | SAP Manage Purchase Contracts App | S4CORE 104 | affected |
| SAP_SE | SAP Manage Purchase Contracts App | S4CORE 105 | affected |
| SAP_SE | SAP Manage Purchase Contracts App | S4CORE 106 | affected |
| SAP_SE | SAP Manage Purchase Contracts App | S4CORE 107 | affected |
Weaknesses
- CWE-862: CWE-862: Missing Authorization
ADP Enrichment
CVE Program Container
Additional References
- https://me.sap.com/notes/3326361
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://me.sap.com/notes/3326361
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.