CVE-2025-43003

Medium CVSS: 6.4

SAP S/4 HANA allows an authenticated attacker with user privileges to configure a field not intended for their access and create a custom UI layout displaying this field. On performing this step the attacker could gain access to highly sensitive information. This could cause a high impact on confidentiality and minimal impact on integrity and availability of the application.

Vendor

Product

CWE

CWE-749

Yayın Tarihi

2025-05-13 01:15:48

Güncelleme

2025-05-13 19:35:18

Source Identifier

cna@sap.com

KEV Date Added

Kategoriler

CWE-749 MEDIUM 2025

Referanslar

https://me.sap.com/notes/3596033 https://url.sap/sapsecuritypatchday