CVE-2025-27436
Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements)
The Manage Bank Statements in SAP S/4HANA does not perform required access control checks for an authenticated user to confirm whether a request to interact with a resource is legitimate, allowing the attacker to delete the attachment of a posted bank statement. This leads to a low impact on integrity, with no impact on the confidentiality of the data or the availability of the application.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Productos afectados
SAP_SE · SAP S/4HANA (Manage Bank Statements)¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →