Refine your search
2 vulnerabilities found for SAP S4CORE (Manage Journal Entries) by SAP_SE
CVE-2025-42899 (GCVE-0-2025-42899)
Vulnerability from nvd
Published
2025-11-11 00:20
Modified
2025-11-12 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
SAP S4CORE (Manage journal entries) does not perform necessary authorization checks for an authenticated user resulting in escalation of privileges. This has low impact on confidentiality of the application with no impact on integrity and availability of the application.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP S4CORE (Manage Journal Entries) |
Version: S4CORE 104 Version: 105 Version: 106 Version: 107 Version: 108 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-42899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T17:31:15.562052Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T20:09:49.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP S4CORE (Manage Journal Entries)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "S4CORE 104"
},
{
"status": "affected",
"version": "105"
},
{
"status": "affected",
"version": "106"
},
{
"status": "affected",
"version": "107"
},
{
"status": "affected",
"version": "108"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP S4CORE (Manage journal entries) does not perform necessary authorization checks for an authenticated user resulting in escalation of privileges. This has low impact on confidentiality of the application with no impact on integrity and availability of the application.\u003c/p\u003e"
}
],
"value": "SAP S4CORE (Manage journal entries) does not perform necessary authorization checks for an authenticated user resulting in escalation of privileges. This has low impact on confidentiality of the application with no impact on integrity and availability of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T00:20:03.667Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3530544"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authorization check in SAP S4CORE (Manage Journal Entries)",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2025-42899",
"datePublished": "2025-11-11T00:20:03.667Z",
"dateReserved": "2025-04-16T13:25:22.789Z",
"dateUpdated": "2025-11-12T20:09:49.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-42899 (GCVE-0-2025-42899)
Vulnerability from cvelistv5
Published
2025-11-11 00:20
Modified
2025-11-12 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
SAP S4CORE (Manage journal entries) does not perform necessary authorization checks for an authenticated user resulting in escalation of privileges. This has low impact on confidentiality of the application with no impact on integrity and availability of the application.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP S4CORE (Manage Journal Entries) |
Version: S4CORE 104 Version: 105 Version: 106 Version: 107 Version: 108 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-42899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T17:31:15.562052Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T20:09:49.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP S4CORE (Manage Journal Entries)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "S4CORE 104"
},
{
"status": "affected",
"version": "105"
},
{
"status": "affected",
"version": "106"
},
{
"status": "affected",
"version": "107"
},
{
"status": "affected",
"version": "108"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP S4CORE (Manage journal entries) does not perform necessary authorization checks for an authenticated user resulting in escalation of privileges. This has low impact on confidentiality of the application with no impact on integrity and availability of the application.\u003c/p\u003e"
}
],
"value": "SAP S4CORE (Manage journal entries) does not perform necessary authorization checks for an authenticated user resulting in escalation of privileges. This has low impact on confidentiality of the application with no impact on integrity and availability of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T00:20:03.667Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3530544"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authorization check in SAP S4CORE (Manage Journal Entries)",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2025-42899",
"datePublished": "2025-11-11T00:20:03.667Z",
"dateReserved": "2025-04-16T13:25:22.789Z",
"dateUpdated": "2025-11-12T20:09:49.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}