CVE-2025-30016 — Storage of Sensitive Data in a Mechanism without Access Control in SE SAP Financial Consolidation

Severity
9.8 CRITICAL (NVD)
EPSS
0.5%
top 34.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Apr 8

Description

SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. The vulnerability arises from improper authentication mechanisms and has a high impact on the confidentiality, integrity and availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 | Impact: 5.9

Affected Packages (1 package)

CVEListV5: sap_se/sap_financial_consolidation, FINANCE 1010

Vulnerability Details

GHSA
GHSA-4wrv-c229-vc5p: SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account (2025-04-08)
CVEList
Authentication Bypass Vulnerability in SAP Financial Consolidation (2025-04-08)
CVE-2025-30016 — CRITICAL severity | cvebase