CVE-2023-41368

🗓️ 12 Sep 2023 01:59:39Reported by sapType

The S4 HANA OData service allows an attacker to change the checkbook name

Reporter	Title	Published	Views	Family All 10
CNNVD	SAP S4 HANA Security Breach	12 Sep 202300:00	–	cnnvd
Cvelist	CVE-2023-41368 Insecure Direct Object Reference (IDOR) vulnerability in S4 HANA (Manage checkbook apps)	12 Sep 202301:59	–	cvelist
EUVD	EUVD-2023-45871	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in SAP products	14 Sep 202300:00	–	ncsc
NVD	CVE-2023-41368	12 Sep 202302:15	–	nvd
OSV	CVE-2023-41368	12 Sep 202302:15	–	osv
Prion	Design/Logic Flaw	12 Sep 202302:15	–	prion
Positive Technologies	PT-2023-27931 · Sap · S/4Hana	11 Sep 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-41368	23 May 202505:14	–	redhatcve
Vulnrichment	CVE-2023-41368 Insecure Direct Object Reference (IDOR) vulnerability in S4 HANA (Manage checkbook apps)	12 Sep 202301:59	–	vulnrichment

NVD

Vulners

Node

sap s/4_hanaMatch102

sap s/4_hanaMatch103

sap s/4_hanaMatch104

sap s/4_hanaMatch105

sap s/4_hanaMatch106

sap s/4_hanaMatch107

[
  {
    "defaultStatus": "unaffected",
    "product": "S4 HANA ABAP (Manage checkbook apps)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "102"
      },
      {
        "status": "affected",
        "version": "103"
      },
      {
        "status": "affected",
        "version": "104"
      },
      {
        "status": "affected",
        "version": "105"
      },
      {
        "status": "affected",
        "version": "106"
      },
      {
        "status": "affected",
        "version": "107"
      }
    ]
  }
]

Source	Link
me	www.me.sap.com/notes/3355675
sap	www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

21 Nov 2024 08:21Current

4.2Medium risk

Vulners AI Score4.2

CVSS 3.12.7 - 5.3

EPSS0.00152

SSVC

CWE-639