SAP S/4HANA Authorization Check Vulnerability in Manage Central Purchase Contract

Vulnerability

A vulnerability exists in SAP S/4HANA Manage Central Purchase Contract due to insufficient authorization checks for authenticated users. This flaw allows an attacker to execute function imports on the entity, potentially making it accessible to users without proper authorization. The vulnerability has a low impact on the application's confidentiality and availability.

Impact

Exploitation of this vulnerability could lead to unauthorized access to functions within the application, allowing users to perform actions or access data without the necessary permissions.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, specifically in the Security Notes section. For details on the next SAP Security Patch Day, refer to the SAP Security Patch Day Bulletin.

Added: Jun 10, 2025, 1:24 AM
Updated: Jun 10, 2025, 1:24 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.3
exploitability: 5.2
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.