← voltar
CVE-2025-27432

Missing Authorization check in SAP Electronic Invoicing for Brazil (eDocument Cockpit)

CVSS 2.4 LOWEPSS 0.2%CWE-862
Vexday Risk Score
8Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 2.4EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
11 mar 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction. By executing the specific ABAP method within the ABAP system, an unauthorized attacker could call each transaction and view the inbound delivery details. This vulnerability has a low impact on the confidentiality with no effect on the integrity and the availability of the application.
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Produtos afetados
SAP_SE · SAP Electronic Invoicing for Brazil (eDocument Cockpit)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://me.sap.com/notes/3568865https://url.sap/sapsecuritypatchday