CVE-2025-27436
published 2025-03-11
medium 4.3 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
The Manage Bank Statements in SAP S/4HANA does not perform required access control checks for an authenticated user to confirm whether a request to interact with a resource is legitimate, allowing the attacker to delete the attachment of a posted bank statement. This leads to a low impact on integrity, with no impact on the confidentiality of the data or the availability of the application.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | azl3_hyperv-daemons_6.6.22.1-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_hyperv-daemons_6.6.35.1-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| sap_se | sap_s_4hana | — | — |
| sap_se | sap_s_4hana | — | — |