Home

Description

SAP S4CORE (Manage journal entries) does not perform necessary authorization checks for an authenticated user resulting in escalation of privileges. This has low impact on confidentiality of the application with no impact on integrity and availability of the application.

PUBLISHED Reserved 2025-04-16 | Published 2025-11-11 | Updated 2025-11-12 | Assigner sap




MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

CWE-862: Missing Authorization

Product status

Default status
unaffected

S4CORE 104
affected

105
affected

106
affected

107
affected

108
affected

References

me.sap.com/notes/3530544

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42899)

nvd.nist.gov (CVE-2025-42899)

Download JSON