← voltar
CVE-2025-42939

Missing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statements)

CVSS 4.3 MEDIUMEPSS 0.2%CWE-863
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
14 out 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
SAP S/4HANA (Manage Processing Rules - For Bank Statements) allows an authenticated attacker with basic privileges to delete conditions from any shared rule of any user by tampering the request parameter. Due to missing authorization check, the attacker can delete shared rule conditions that should be restricted, compromising the integrity of the application without affecting its confidentiality or availability.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Produtos afetados
SAP_SE · SAP S/4HANA (Manage Processing Rules - For Bank Statements)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://me.sap.com/notes/3625683https://url.sap/sapsecuritypatchday