1 results (0.004 seconds)
CVSS: 9.9EPSS: 0%CPEs: 6EXPL: 0
CVSS: 9.9EPSS: 0%CPEs: 6EXPL: 0CVE-2025-27429 – Code Injection Vulnerability in SAP S/4HANA (Private Cloud or On-Premise)
https://notcve.org/view.php?id=CVE-2025-27429
08 Apr 2025 — SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system. SAP S/4HANA permite a un atacante con privilegios de usuario explotar una vulnerabilidad en el módulo d... • https://me.sap.com/notes/3581961 • CWE-94: Improper Control of Generation of Code ('Code Injection') •