CVE-2025-43011 | THREATINT

Description

Under certain conditions, SAP Landscape Transformation's PCL Basis module does not perform the necessary authorization checks, allowing authenticated users to access restricted functionalities or data. This can lead to a high impact on confidentiality with no impact on the integrity or availability of the application.

PUBLISHED Reserved 2025-04-16 | Published 2025-05-13 | Updated 2025-05-13 | Assigner sap

HIGH: 7.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Problem types

CWE-862: Missing Authorization

Product status

Default status

unaffected

DMIS 2011_1_700

affected

2011_1_710

affected

2011_1_730

affected

2011_1_731

affected

2018_1_752

affected

2020

affected

S4CORE 102

affected

103

affected

104

affected

105

affected

106

affected

107

affected

108

affected

References

me.sap.com/notes/3591978

url.sap/sapsecuritypatchday

cve.org (CVE-2025-43011)

nvd.nist.gov (CVE-2025-43011)

Download JSON