CVE-2023-40625
Missing Authorization check in SAP Manage Purchase Contracts App
Severity Score
5.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and integrity with no impact on availibility of the system.
S4CORE (Manage Purchase Contracts App): versiones 102, 103, 104, 105, 106, 107, no realiza las comprobaciones de autorización necesarias para un usuario autenticado. Esto podrÃa permitir a un atacante realizar acciones no intencionadas, lo que resulta en una escalada de privilegios que tiene un bajo impacto en la confidencialidad y la integridad sin impacto en la disponibilidad del sistema.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-08-17 CVE Reserved
- 2023-09-12 CVE Published
- 2024-09-18 EPSS Updated
- 2024-09-25 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | 2023-09-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | S4core Search vendor "Sap" for product "S4core" | 102 Search vendor "Sap" for product "S4core" and version "102" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | S4core Search vendor "Sap" for product "S4core" | 103 Search vendor "Sap" for product "S4core" and version "103" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | S4core Search vendor "Sap" for product "S4core" | 104 Search vendor "Sap" for product "S4core" and version "104" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | S4core Search vendor "Sap" for product "S4core" | 105 Search vendor "Sap" for product "S4core" and version "105" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | S4core Search vendor "Sap" for product "S4core" | 106 Search vendor "Sap" for product "S4core" and version "106" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | S4core Search vendor "Sap" for product "S4core" | 107 Search vendor "Sap" for product "S4core" and version "107" | - |
Affected
| ||||||