Primary

Context

SAP OData Service Privilege Escalation Vulnerability in Manage Purchasing Info Records

Vulnerability

A vulnerability exists in the OData Service within the Manage Purchasing Info Records application, where necessary authorization checks are not properly enforced for authenticated users. This flaw allows attackers to escalate privileges, although it has a low impact on the application's integrity.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation.

Remediation

Users are advised to review and implement the SAP Security Notes available in SAP for Me. These notes contain important security patches and guidance. For details on the SAP Security Patch Day schedule and how to access SAP Security Notes, refer to the SAP Security Notes FAQ.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SAP OData Service Privilege Escalation Vulnerability in Manage Purchasing Info Records

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating