Home

Description

Due to insufficient CSRF protection in SAP Fiori App Manage Work Center Groups, an authenticated user could be tricked by an attacker to send unintended request to the web server. This has low impact on integrity and no impact on confidentiality and availability of the application.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-09 | Updated 2025-09-09 | Assigner sap




MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Problem types

CWE-352: Cross-Site Request Forgery (CSRF)

Product status

Default status
unaffected

UIS4HOP1 600
affected

700
affected

800
affected

900
affected

References

me.sap.com/notes/3450692

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42923)

nvd.nist.gov (CVE-2025-42923)

Download JSON