
CVE-2025-27436 – Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements)
https://notcve.org/view.php?id=CVE-2025-27436
11 Mar 2025 — The Manage Bank Statements in SAP S/4HANA does not perform required access control checks for an authenticated user to confirm whether a request to interact with a resource is legitimate, allowing the attacker to delete the attachment of a posted bank statement. This leads to a low impact on integrity, with no impact on the confidentiality of the data or the availability of the application. • https://me.sap.com/notes/3565835 • CWE-639: Authorization Bypass Through User-Controlled Key

CVE-2025-27433 – Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements)
https://notcve.org/view.php?id=CVE-2025-27433
11 Mar 2025 — The Manage Bank Statements in SAP S/4HANA allows an authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank statement. This vulnerability has a low impact on the application's integrity, with no effect on confidentiality and availability of the application. • https://me.sap.com/notes/3565835 • CWE-639: Authorization Bypass Through User-Controlled Key