CVE-2025-42987

SAP Manage Processing Rules (For Bank Statement) allows an attacker with basic privileges to edit shared rules of any user by tampering the request parameter. Due to missing authorization check, the attacker can edit rules that should be restricted, compromising the integrity of the application.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3596850
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

12 Jun 2025, 16:06

Type	Values Removed	Values Added
Summary		(es) SAP Manage Processing Rules (para extractos bancarios) permite a un atacante con privilegios básicos editar las reglas compartidas de cualquier usuario manipulando el parámetro de solicitud. Debido a la falta de verificación de autorización, el atacante puede editar reglas que deberían estar restringidas, lo que compromete la integridad de la aplicación.

10 Jun 2025, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-10 01:15

Updated : 2025-06-12 16:06

NVD link : CVE-2025-42987

Mitre link : CVE-2025-42987

CVE.ORG link : CVE-2025-42987

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

4.3 /10