Missing Authorization Check in Fiori app (Manage Payment Blocks)

5.4 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Description

Fiori app Manage Payment Blocks does not perform the necessary authorization checks, allowing an attacker with basic user privileges to abuse functionalities that should be restricted to specific user groups.This issue could impact both the confidentiality and integrity of the application without affecting the availability.

Basic Information

ID CVE-2025-42915

Source sap

Published Sep 9, 2025 at 02:06

Affected Product

Vendor SAP_SE

Product Fiori app (Manage Payment Blocks)

Version S4CORE 107

Affected Versions SAP_SE Fiori app (Manage Payment Blocks) S4CORE 107
SAP_SE Fiori app (Manage Payment Blocks) 108

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "Fiori app Manage Payment Blocks does not perform the necessary authorization checks, allowing an attacker with basic user privileges to abuse functionalities that should be restricted to specific user groups.This issue could impact both the confidentiality and integrity of the application without affecting the availability.",
    "published": "2025-09-09T02:06:32.797Z",
    "modified": "2025-09-09T02:06:32.797Z",
    "type": "cve",
    "title": "Missing Authorization Check in Fiori app (Manage Payment Blocks)",
    "source": "sap",
    "references": "https://me.sap.com/notes/3409013\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42915",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE Fiori app (Manage Payment Blocks) S4CORE 107\nSAP_SE Fiori app (Manage Payment Blocks) 108",
    "sourceHref": "",
    "cvss": {
        "score": 5.4,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Fiori app (Manage Payment Blocks)",
    "version": "S4CORE 107",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Missing Authorization Check in Fiori app (Manage Payment Blocks)_CVE-2025-42915