SAP S/4HANA Bank Account Application Authorization Check Vulnerability Allowing Attachment Deletion

Vulnerability

A vulnerability exists in the Bank Account Application component of SAP S/4HANA due to insufficient authorization checks. This flaw enables an authenticated 'approver' user to delete attachments from the bank account application of other users. The issue results in a low integrity impact, with no effect on data confidentiality or application availability.

Impact

Exploitation of this vulnerability allows for unauthorized deletion of attachments in the bank account application, potentially leading to loss of important information or documentation.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, specifically in the Security Notes section. For guidance on accessing and applying SAP Security Notes, refer to the SAP Security Notes FAQs.

Added: Jun 10, 2025, 1:21 AM
Updated: Jun 10, 2025, 1:21 AM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 0.6
exploitability: 4.9
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.