What is the severity of CVE-2023-40625?

The severity of CVE-2023-40625 is medium with a severity value of 5.4.

What is the description of CVE-2023-40625?

CVE-2023-40625 refers to the vulnerability in S4CORE (Manage Purchase Contracts App) versions 102, 103, 104, 105, 106, and 107 that does not perform necessary authorization checks for an authenticated user, allowing potential privilege escalation.

Which software versions are affected by CVE-2023-40625?

S4CORE (Manage Purchase Contracts App) versions 102, 103, 104, 105, 106, and 107 are affected by CVE-2023-40625.

How can an attacker exploit CVE-2023-40625?

An attacker can exploit CVE-2023-40625 by leveraging the lack of necessary authorization checks to perform unintended actions, leading to the escalation of privileges.

Are there any references available for CVE-2023-40625?

Yes, you can find more information about CVE-2023-40625 at the following references: - [SAP Note 3326361](https://me.sap.com/notes/3326361) - [SAP Document](https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html)

Vulnerability/
CVE-2023-40625

medium

5.4

CWE

862

12/9/2023

25/9/2024

CVE-2023-40625: Missing Authorization check in SAP Manage Purchase Contracts App

First published: Tue Sep 12 2023(Updated: )

S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and integrity with no impact on availibility of the system.

Credit: cna@sap.com cna@sap.com

Affected Software	Affected Version	How to fix
Sap S4core	=102
Sap S4core	=103
Sap S4core	=104
Sap S4core	=105
Sap S4core	=106
Sap S4core	=107

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-40625?
The severity of CVE-2023-40625 is medium with a severity value of 5.4.
What is the description of CVE-2023-40625?
CVE-2023-40625 refers to the vulnerability in S4CORE (Manage Purchase Contracts App) versions 102, 103, 104, 105, 106, and 107 that does not perform necessary authorization checks for an authenticated user, allowing potential privilege escalation.
Which software versions are affected by CVE-2023-40625?
S4CORE (Manage Purchase Contracts App) versions 102, 103, 104, 105, 106, and 107 are affected by CVE-2023-40625.
How can an attacker exploit CVE-2023-40625?
An attacker can exploit CVE-2023-40625 by leveraging the lack of necessary authorization checks to perform unintended actions, leading to the escalation of privileges.
Are there any references available for CVE-2023-40625?
Yes, you can find more information about CVE-2023-40625 at the following references: - [SAP Note 3326361](https://me.sap.com/notes/3326361) - [SAP Document](https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html)

collector/nvd-api
collector/nvd-index
agent/author
agent/references
agent/type
agent/softwarecombine
agent/severity
agent/title
agent/weakness
agent/description
agent/first-publish-date
agent/event
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
vendor/sap
canonical/sap s4core
version/sap s4core/102
version/sap s4core/103
version/sap s4core/104
version/sap s4core/105
version/sap s4core/106
version/sap s4core/107

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.