EUVD-2025-17602

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

SAP S/4HANA lacks authorization checks allowing unauthorized access to purchase contracts functionality.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-42984	10 Jun 202503:51	–	circl
CNNVD	SAP S/4HANA Manage Central Purchase Contract 安全漏洞	10 Jun 202500:00	–	cnnvd
CVE	CVE-2025-42984	10 Jun 202500:11	–	cve
Cvelist	CVE-2025-42984 Missing Authorization check in SAP S/4HANA (Manage Central Purchase Contract application)	10 Jun 202500:11	–	cvelist
NCSC	Vulnerabilities fixed in SAP Products	10 Jun 202510:15	–	ncsc
NVD	CVE-2025-42984	10 Jun 202501:15	–	nvd
Positive Technologies	PT-2025-24588 · Sap · Sap S/4Hana	10 Jun 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-42984	12 Jun 202500:18	–	redhatcve
Vulnrichment	CVE-2025-42984 Missing Authorization check in SAP S/4HANA (Manage Central Purchase Contract application)	10 Jun 202500:11	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "6d0defd2-54b6-391e-85c6-44658ea0b50d",
        "vendor": {
          "name": "SAP_SE"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "8e268f5b-4ef1-3327-9678-5935d4eb889c",
        "product": {
          "name": "SAP S/4HANA (Manage Central Purchase Contract application)"
        },
        "product_version": "S4CORE 106"
      },
      {
        "id": "af22b1d3-4332-39a1-8a9d-f305159e36be",
        "product": {
          "name": "SAP S/4HANA (Manage Central Purchase Contract application)"
        },
        "product_version": "108"
      },
      {
        "id": "c3c5f119-87ed-3349-944e-c3a7e0fe3fac",
        "product": {
          "name": "SAP S/4HANA (Manage Central Purchase Contract application)"
        },
        "product_version": "107"
      }
    ]
  }
]

Source	Link
me	www.me.sap.com/notes/3441087
url	www.url.sap/sapsecuritypatchday
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-42984

03 Oct 2025 20:07Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.15.4

EPSS0.00208

SSVC