CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
16.8%
Manage Incoming Payment Files (F1680) of SAP
S/4HANA does not perform necessary authorization checks for an authenticated
user, resulting in escalation of privileges. As a result, it has high impact on
integrity and no impact on the confidentiality and availability of the system.
Vendor | Product | Version | CPE |
---|---|---|---|
sap | s\/4_hana | 103 | cpe:2.3:a:sap:s\/4_hana:103:*:*:*:*:*:*:* |
sap | s\/4_hana | 104 | cpe:2.3:a:sap:s\/4_hana:104:*:*:*:*:*:*:* |
sap | s\/4_hana | 105 | cpe:2.3:a:sap:s\/4_hana:105:*:*:*:*:*:*:* |
sap | s\/4_hana | 106 | cpe:2.3:a:sap:s\/4_hana:106:*:*:*:*:*:*:* |
sap | s\/4_hana | 107 | cpe:2.3:a:sap:s\/4_hana:107:*:*:*:*:*:*:* |
sap | s\/4_hana | 108 | cpe:2.3:a:sap:s\/4_hana:108:*:*:*:*:*:*:* |
sap | s\/4_hana | s4core_102 | cpe:2.3:a:sap:s\/4_hana:s4core_102:*:*:*:*:*:*:* |
[
{
"defaultStatus": "unaffected",
"product": "SAP S/4HANA (Manage Incoming Payment Files)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "S4CORE 102"
},
{
"status": "affected",
"version": "103"
},
{
"status": "affected",
"version": "104"
},
{
"status": "affected",
"version": "105"
},
{
"status": "affected",
"version": "106"
},
{
"status": "affected",
"version": "107"
},
{
"status": "affected",
"version": "108"
}
]
}
]