CVE-2025-42984

SAP S/4HANA Manage Central Purchase Contract does not perform necessary authorization checks for an authenticated user. Due to this, an attacker could execute the function import on the entity making it inaccessible for unrestricted user. This has low impact on confidentiality and availability of the application.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3441087
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

12 Jun 2025, 16:06

Type	Values Removed	Values Added
Summary		(es) SAP S/4HANA Manage Central Purchase Contract no realiza las comprobaciones de autorización necesarias para un usuario autenticado. Por ello, un atacante podría ejecutar la función de importación en la entidad, haciéndola inaccesible para usuarios sin restricciones. Esto tiene un impacto mínimo en la confidencialidad y la disponibilidad de la aplicación.

10 Jun 2025, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-10 01:15

Updated : 2025-06-12 16:06

NVD link : CVE-2025-42984

Mitre link : CVE-2025-42984

CVE.ORG link : CVE-2025-42984

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

5.4 /10