Missing Authorization check in SAP S4CORE (Manage Journal Entries)

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Description

SAP S4CORE (Manage journal entries) does not perform necessary authorization checks for an authenticated user resulting in escalation of privileges. This has low impact on confidentiality of the application with no impact on integrity and availability of the application.

Basic Information

ID CVE-2025-42899

Source sap

Published Nov 11, 2025 at 00:20

Affected Product

Vendor SAP_SE

Product SAP S4CORE (Manage Journal Entries)

Version S4CORE 104

Affected Versions SAP_SE SAP S4CORE (Manage Journal Entries) S4CORE 104
SAP_SE SAP S4CORE (Manage Journal Entries) 105
SAP_SE SAP S4CORE (Manage Journal Entries) 106
SAP_SE SAP S4CORE (Manage Journal Entries) 107
SAP_SE SAP S4CORE (Manage Journal Entries) 108

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "SAP S4CORE (Manage journal entries) does not perform necessary authorization checks for an authenticated user resulting in escalation of privileges. This has low impact on confidentiality of the application with no impact on integrity and availability of the application.",
    "published": "2025-11-11T00:20:03.667Z",
    "modified": "2025-11-11T00:20:03.667Z",
    "type": "cve",
    "title": "Missing Authorization check in SAP S4CORE (Manage Journal Entries)",
    "source": "sap",
    "references": "https://me.sap.com/notes/3530544\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42899",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP S4CORE (Manage Journal Entries) S4CORE 104\nSAP_SE SAP S4CORE (Manage Journal Entries) 105\nSAP_SE SAP S4CORE (Manage Journal Entries) 106\nSAP_SE SAP S4CORE (Manage Journal Entries) 107\nSAP_SE SAP S4CORE (Manage Journal Entries) 108",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP S4CORE (Manage Journal Entries)",
    "version": "S4CORE 104",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Missing Authorization check in SAP S4CORE (Manage Journal Entries)_CVE-2025-42899