CVE-2023-42473Missing Authorization in SE S 4hana

CWE-862Missing Authorization3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.1%
top 64.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE S 4hanaSAP S 4hana
Timeline
PublishedOct 10

Description

S/4HANA Manage (Withholding Tax Items) - version 106, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges which has low impact on the confidentiality and integrity of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

NVDsap/s_4hana106
CVEListV5sap_se/s_4hana106

🔴Vulnerability Details

2
CVEList
Missing Authorization Check In S/4HANA (Manage Withholding Tax Items)2023-10-10
GHSA
GHSA-j972-ff67-2v59: S/4HANA Manage (Withholding Tax Items) - version 106, does not perform necessary authorization checks for an authenticated user, resulting in escalati2023-10-10
CVE-2023-42473 — Missing Authorization in SE S 4hana | cvebase