First published: Tue Mar 11 2025(Updated: )
The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction. By executing the specific ABAP method within the ABAP system, an unauthorized attacker could call each transaction and view the inbound delivery details. This vulnerability has a low impact on the confidentiality with no effect on the integrity and the availability of the application.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
SAP Electronic Invoicing for Brazil |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-27432 has been rated as a high-severity vulnerability due to the potential for unauthorized transaction access.
To fix CVE-2025-27432, apply the latest security patches provided by SAP for the Electronic Invoicing for Brazil product.
CVE-2025-27432 affects authorized users with certain privileges within the SAP Electronic Invoicing for Brazil system.
CVE-2025-27432 can be exploited through specific ABAP method execution allowing unauthorized access to transaction data.
The risks of CVE-2025-27432 include data exposure and manipulation, which can compromise the integrity of financial transactions.