CVE-2025-27432

Summary

The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction. By executing the specific ABAP method within the ABAP system, an unauthorized attacker could call each transaction and view the inbound delivery details. This vulnerability has a low impact on the confidentiality with no effect on the integrity and the availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Electronic Invoicing for Brazil (eDocument Cockpit)SAP_APPL 617affected
SAP_SESAP Electronic Invoicing for Brazil (eDocument Cockpit)618affected
SAP_SESAP Electronic Invoicing for Brazil (eDocument Cockpit)S4CORE 102affected
SAP_SESAP Electronic Invoicing for Brazil (eDocument Cockpit)103affected
SAP_SESAP Electronic Invoicing for Brazil (eDocument Cockpit)104affected
SAP_SESAP Electronic Invoicing for Brazil (eDocument Cockpit)105affected
SAP_SESAP Electronic Invoicing for Brazil (eDocument Cockpit)106affected
SAP_SESAP Electronic Invoicing for Brazil (eDocument Cockpit)107affected
SAP_SESAP Electronic Invoicing for Brazil (eDocument Cockpit)108affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References