SAP GRC Credential Modification Vulnerability Allowing Non-Administrative User Access

Vulnerability

A vulnerability in SAP GRC allows non-administrative users to access and initiate transactions that could modify or control transmitted system credentials. This issue significantly impacts the application's confidentiality, integrity, and availability.

Impact

Exploitation of this vulnerability could lead to unauthorized modification or control of system credentials, causing a high impact on the application's confidentiality, integrity, and availability.

Remediation

Users are advised to review and implement the SAP Security Note related to this vulnerability, available through the SAP for Me platform. This vulnerability will also be addressed in the upcoming SAP Security Patch Day.

Added: Jun 10, 2025, 1:32 AM
Updated: Jun 10, 2025, 1:32 AM

Vulnerability Rating

Custom Algorithm

spread: 1.9
impact: 7.5
exploitability: 5.2
remediation: 7.9
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.