CVE-2025-43002
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
SAP S4CORE OData meta-data property allows an authenticated attacker to access restricted information due to missing authorization check. This could cause a low impact on confidentiality but integrity and availability of the application are not impacted.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP S4/HANA (OData meta-data property) | S4CORE 102 | affected |
| SAP_SE | SAP S4/HANA (OData meta-data property) | 103 | affected |
| SAP_SE | SAP S4/HANA (OData meta-data property) | 104 | affected |
| SAP_SE | SAP S4/HANA (OData meta-data property) | 105 | affected |
| SAP_SE | SAP S4/HANA (OData meta-data property) | 106 | affected |
Weaknesses
- CWE-472: CWE-472: External Control of Assumed-Immutable Web Parameter
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.