216.73.216.133

CVE-2025-43010

· Published 13/05/2025 01:15 · Modified 13/05/2025 01:15

Labels: CVE-2025-43010 2025-05-13CVE-2025-43010CWE-94[email protected]

Essential information

Published
13/05/2025 01:15
Modified
13/05/2025 01:15
Author
Creator
CVSS
8.3 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

CVSS metrics

Description

SAP S/4HANA Cloud Private Edition or on Premise (SCM Master Data Layer (MDL)) allows an authenticated attacker with SAP standard authorization to execute a certain function module remotely and replace arbitrary ABAP programs, including SAP standard programs. This is due to lack of input validation and no authorization checks. This has low Confidentiality impact but high impact on integrity and availability to the application.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
sap / sap s4hana cloud private edition cpe:2.3:a:sap:sap_s4hana_cloud_private_edition:*:*:*:*:*:*:*:*
sap / sap s4hana cpe:2.3:a:sap:sap_s4hana:*:*:*:*:*:*:*:*

References