CVE-2025-42984 PUBLISHED

Missing Authorization check in SAP S/4HANA (Manage Central Purchase Contract application)

Assigner: sap
Reserved: 16.04.2025 Published: 10.06.2025 Updated: 10.06.2025

SAP S/4HANA Manage Central Purchase Contract does not perform necessary authorization checks for an authenticated user. Due to this, an attacker could execute the function import on the entity making it inaccessible for unrestricted user. This has low impact on confidentiality and availability of the application.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CVSS Score: 5.4

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	Low
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	SAP_SE
Product	SAP S/4HANA (Manage Central Purchase Contract application)
Versions	Default: unaffected Version S4CORE 106 is affected Version 107 is affected Version 108 is affected

CVE-2025-42984 PUBLISHED

Missing Authorization check in SAP S/4HANA (Manage Central Purchase Contract application)

Metrics

Product Status

References

Problem Types