Vulnerabilities > CVE-2023-40625 - Missing Authorization vulnerability in SAP S4Core

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

sap

CWE-862

NVD

Published: 2023-09-12

Updated: 2023-09-13

Summary

S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and integrity with no impact on availibility of the system.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP S4Core 102 SAP S4Core 103 SAP S4Core 104 SAP S4Core 105 SAP S4Core 106 SAP S4Core 107	6

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://me.sap.com/notes/3326361
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html