S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and integrity with no impact on availibility of the system.
References
| Link | Resource |
|---|---|
| https://me.sap.com/notes/3326361 | Permissions Required |
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
| https://me.sap.com/notes/3326361 | Permissions Required |
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:19
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://me.sap.com/notes/3326361 - Permissions Required | |
| References | () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory |
13 Sep 2023, 14:59
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:sap:s4core:103:*:*:*:*:*:*:* cpe:2.3:a:sap:s4core:104:*:*:*:*:*:*:* cpe:2.3:a:sap:s4core:105:*:*:*:*:*:*:* cpe:2.3:a:sap:s4core:107:*:*:*:*:*:*:* cpe:2.3:a:sap:s4core:102:*:*:*:*:*:*:* cpe:2.3:a:sap:s4core:106:*:*:*:*:*:*:* |
|
| First Time |
Sap
Sap s4core |
|
| References | (MISC) https://me.sap.com/notes/3326361 - Permissions Required | |
| References | (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
12 Sep 2023, 11:52
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-09-12 03:15
Updated : 2024-11-21 08:19
NVD link : CVE-2023-40625
Mitre link : CVE-2023-40625
CVE.ORG link : CVE-2023-40625
JSON object : View
Products Affected
sap
- s4core
CWE
CWE-862
Missing Authorization