CVE-2023-40625
Last modified
CVE-2023-40625 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and integrity with no impact on availibility of the system. . EPSS estimates a 0.30% chance of exploitation in the next 30 days.
Description
S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and integrity with no impact on availibility of the system.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sap | S4core | 102 |
| Sap | S4core | 103 |
| Sap | S4core | 104 |
| Sap | S4core | 105 |
| Sap | S4core | 106 |
| Sap | S4core | 107 |
References
- https://me.sap.com/notes/3326361Permissions Required
- https://me.sap.com/notes/3326361Permissions Required
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-40625?
How severe is CVE-2023-40625?
How do I fix CVE-2023-40625?
Are you affected by CVE-2023-40625?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST