SAP S/4HANA Manage Bank Statements Access Control Vulnerability Allowing Attachment Deletion

Vulnerability

A vulnerability exists in the Manage Bank Statements feature of SAP S/4HANA: insufficient access control checks allow an authenticated user to delete attachments from posted bank statements without authorization. This flaw results in a low integrity impact, with no effect on data confidentiality or application availability.

Impact

Exploitation of this vulnerability leads to unauthorized deletion of attachments from posted bank statements, causing a low integrity impact.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, specifically in the Security Notes section.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 0.6
exploitability: 4.9
remediation: 8.3
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.