SAP S4CORE OData Missing Authorization Check Vulnerability Allowing Access to Restricted Information

Vulnerability

A vulnerability exists in SAP S4CORE OData due to a missing authorization check on meta-data properties, which allows authenticated attackers to access restricted information. Exploitation could have a low impact on confidentiality; integrity and availability are not affected.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive information, potentially leading to data exposure or misuse.

Remediation

Users are advised to review and implement the relevant SAP Security Notes. These can be accessed through the SAP for Me platform, specifically in the 'All Security Notes' section. For details on upcoming SAP Security Patch Days, refer to the SAP Security Patch Day Bulletin.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 0.6
exploitability: 4.9
remediation: 6.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.