CVE-2023-40625
Missing Authorization check in SAP Manage Purchase Contracts App
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and integrity with no impact on availibility of the system.
S4CORE (Manage Purchase Contracts App): versiones 102, 103, 104, 105, 106, 107, no realiza las comprobaciones de autorización necesarias para un usuario autenticado. Esto podrÃa permitir a un atacante realizar acciones no intencionadas, lo que resulta en una escalada de privilegios que tiene un bajo impacto en la confidencialidad y la integridad sin impacto en la disponibilidad del sistema.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2023-08-17 CVE Reserved
- 2023-09-12 CVE Published
- 2024-09-18 EPSS Updated
- 2024-09-25 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | 2023-09-13 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Sap Search vendor "Sap" | S4core Search vendor "Sap" for product "S4core" | 102 Search vendor "Sap" for product "S4core" and version "102" | - |
Affected
| ||||||
Sap Search vendor "Sap" | S4core Search vendor "Sap" for product "S4core" | 103 Search vendor "Sap" for product "S4core" and version "103" | - |
Affected
| ||||||
Sap Search vendor "Sap" | S4core Search vendor "Sap" for product "S4core" | 104 Search vendor "Sap" for product "S4core" and version "104" | - |
Affected
| ||||||
Sap Search vendor "Sap" | S4core Search vendor "Sap" for product "S4core" | 105 Search vendor "Sap" for product "S4core" and version "105" | - |
Affected
| ||||||
Sap Search vendor "Sap" | S4core Search vendor "Sap" for product "S4core" | 106 Search vendor "Sap" for product "S4core" and version "106" | - |
Affected
| ||||||
Sap Search vendor "Sap" | S4core Search vendor "Sap" for product "S4core" | 107 Search vendor "Sap" for product "S4core" and version "107" | - |
Affected
|