CVE-2025-42984 β€” Missing Authorization in SE SAP S 4hana

CWE-862 β€” Missing Authorization3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.2%
top 56.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP S 4hana
Timeline
PublishedJun 10

Description

SAP S/4HANA Manage Central Purchase Contract does not perform necessary authorization checks for an authenticated user. Due to this, an attacker could execute the function import on the entity making it inaccessible for unrestricted user. This has low impact on confidentiality and availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages1 packages

β–ΆCVEListV5sap_se/sap_s_4hana107, 108, S4CORE 106+2

πŸ”΄Vulnerability Details

2
GHSA
GHSA-qr2r-6pw3-h7m4: SAP S/4HANA Manage Central Purchase Contract does not perform necessary authorization checks for an authenticated user↗2025-06-10
β–Ά
CVEList
Missing Authorization check in SAP S/4HANA (Manage Central Purchase Contract application)β†—2025-06-10
β–Ά
CVE-2025-42984 β€” Missing Authorization | cvebase