CVE-2025-42899

Summary

SAP S4CORE (Manage journal entries) does not perform necessary authorization checks for an authenticated user resulting in escalation of privileges. This has low impact on confidentiality of the application with no impact on integrity and availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP S4CORE (Manage Journal Entries)S4CORE 104affected
SAP_SESAP S4CORE (Manage Journal Entries)105affected
SAP_SESAP S4CORE (Manage Journal Entries)106affected
SAP_SESAP S4CORE (Manage Journal Entries)107affected
SAP_SESAP S4CORE (Manage Journal Entries)108affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References