← voltar
CVE-2025-42899

Missing Authorization check in SAP S4CORE (Manage Journal Entries)

CVSS 4.3 MEDIUMEPSS 0.2%CWE-862
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
11 nov 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
SAP S4CORE (Manage journal entries) does not perform necessary authorization checks for an authenticated user resulting in escalation of privileges. This has low impact on confidentiality of the application with no impact on integrity and availability of the application.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Produtos afetados
SAP_SE · SAP S4CORE (Manage Journal Entries)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://me.sap.com/notes/3530544https://url.sap/sapsecuritypatchday