S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and integrity with no impact on availibility of the system.
History

Wed, 25 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published: 2023-09-12T02:00:13.727Z

Updated: 2024-09-25T15:28:24.390Z

Reserved: 2023-08-17T18:10:44.968Z

Link: CVE-2023-40625

cve-icon Vulnrichment

Updated: 2024-08-02T18:38:51.007Z

cve-icon NVD

Status : Modified

Published: 2023-09-12T03:15:14.147

Modified: 2024-11-21T08:19:50.863

Link: CVE-2023-40625

cve-icon Redhat

No data.