Lucene search

SapCVELIST:CVE-2023-35870

HistoryJul 11, 2023 - 2:40 a.m.

CVE-2023-35870 Improper Access Control in SAP S/4HANA (Manage Journal Entry Template)

2023-07-1102:40:26

CWE-284

sap

www.cve.org

cve-2023-35870

improper access control

sap s/4hana

manage journal entry template

confidentiality impact

integrity impact

resource unavailability

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

0.001 Low

EPSS

Percentile

29.1%

JSON

When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of the resource. Furthermore, a standard template could be deleted, hence making the resource temporarily unavailable.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP S/4HANA (Manage Journal Entry Template)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "S4CORE 104"
      },
      {
        "status": "affected",
        "version": "105"
      },
      {
        "status": "affected",
        "version": "106"
      },
      {
        "status": "affected",
        "version": "107"
      }
    ]
  }
]

References

me.sap.com/notes/3341211

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html