CVE-2025-43009
6.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP Service Parts Management (SPM) | SAP_APPL 600 | affected |
| SAP_SE | SAP Service Parts Management (SPM) | 602 | affected |
| SAP_SE | SAP Service Parts Management (SPM) | 603 | affected |
| SAP_SE | SAP Service Parts Management (SPM) | 604 | affected |
| SAP_SE | SAP Service Parts Management (SPM) | 605 | affected |
| SAP_SE | SAP Service Parts Management (SPM) | 606 | affected |
| SAP_SE | SAP Service Parts Management (SPM) | 616 | affected |
| SAP_SE | SAP Service Parts Management (SPM) | 617 | affected |
| SAP_SE | SAP Service Parts Management (SPM) | 618 | affected |
| SAP_SE | SAP Service Parts Management (SPM) | S4CORE 100 | affected |
| SAP_SE | SAP Service Parts Management (SPM) | 101 | affected |
| SAP_SE | SAP Service Parts Management (SPM) | 102 | affected |
Weaknesses
- CWE-862: CWE-862: Missing Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.