Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (F4044...

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Description

Due to insufficient CSRF protection in SAP Fiori App Manage Work Center Groups, an authenticated user could be tricked by an attacker to send unintended request to the web server. This has low impact on integrity and no impact on confidentiality and availability of the application.

Basic Information

ID CVE-2025-42923

Source sap

Published Sep 9, 2025 at 02:09

Affected Product

Vendor SAP_SE

Product SAP Fiori App (F4044 Manage Work Center Groups)

Version UIS4HOP1 600

Affected Versions SAP_SE SAP Fiori App (F4044 Manage Work Center Groups) UIS4HOP1 600
SAP_SE SAP Fiori App (F4044 Manage Work Center Groups) 700
SAP_SE SAP Fiori App (F4044 Manage Work Center Groups) 800
SAP_SE SAP Fiori App (F4044 Manage Work Center Groups) 900

CWE Classification

CWE-352

References

{
    "lastseen": "",
    "description": "Due to insufficient CSRF protection in SAP Fiori App Manage Work Center Groups, an authenticated user could be tricked by an attacker to send unintended request to the web server. This has low impact on integrity and no impact on confidentiality and availability of the application.",
    "published": "2025-09-09T02:09:47.744Z",
    "modified": "2025-09-09T02:09:47.744Z",
    "type": "cve",
    "title": "Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (F4044 Manage Work Center Groups)",
    "source": "sap",
    "references": "https://me.sap.com/notes/3450692\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42923",
    "bulletinFamily": "",
    "cwe": [
        "CWE-352"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP Fiori App (F4044 Manage Work Center Groups) UIS4HOP1 600\nSAP_SE SAP Fiori App (F4044 Manage Work Center Groups) 700\nSAP_SE SAP Fiori App (F4044 Manage Work Center Groups) 800\nSAP_SE SAP Fiori App (F4044 Manage Work Center Groups) 900",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP Fiori App (F4044 Manage Work Center Groups)",
    "version": "UIS4HOP1 600",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Cross-Site Request Forgery (CSRF) vulnerability in SAP Fiori App (F4044 Manage Work Center Groups)_CVE-2025-42923