CVE-2025-42876

High CVSS: 7.1

Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud (Financials General Ledger), an authenticated attacker with authorization limited to a single company code could read sensitive data and post or modify documents across all company codes. Successful exploitation could result in a high impact to confidentiality and a low impact to integrity, while availability remains unaffected.

Vendor

Product

CWE

CWE-405

Yayın Tarihi

2025-12-09 16:17:51

Güncelleme

2025-12-09 18:36:53

Source Identifier

cna@sap.com

KEV Date Added

Kategoriler

CWE-405 HIGH 2025

Referanslar

https://me.sap.com/notes/3672151 https://url.sap/sapsecuritypatchday