CVE-2023-40625Missing Authorization in SE SAP Manage Purchase Contracts APP

CWE-862Missing Authorization3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.1%
top 64.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Manage Purchase Contracts APPSAP S4core
Timeline
PublishedSep 12
Latest updateSep 13

Description

S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and integrity with no impact on availibility of the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

NVDsap/s4core6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-hjg5-r3cj-8vc3: S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated u2023-09-13
CVEList
Missing Authorization check in SAP Manage Purchase Contracts App2023-09-12
CVE-2023-40625 — Missing Authorization | cvebase