CVE-2023-42475

Summary

The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP S/4HANA CoreS4CORE 102affected
SAP_SESAP S/4HANA CoreS4CORE 103affected
SAP_SESAP S/4HANA CoreS4CORE 104affected
SAP_SESAP S/4HANA CoreS4CORE 105affected
SAP_SESAP S/4HANA CoreS4CORE 106affected
SAP_SESAP S/4HANA CoreSAPSCORE 128affected

Weaknesses

  • CWE-209: CWE-209: Generation of Error Message Containing Sensitive Information

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References