Skip to main content

S 4Hana CVE-2023-42475

MEDIUM
Error Message Information Leak (CWE-209)
2023-10-10 cna@sap.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 10, 2023 - 02:15 nvd
MEDIUM 4.3

DescriptionNVD

The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality.

AnalysisAI

The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-209. The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality. Affected products include: Sap S\/4Hana.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2021-38176 HIGH
8.8 Sep 14

Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call NZDT functi

CVE-2023-24524 MEDIUM
6.5 Feb 14

SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated

CVE-2022-31589 MEDIUM
6.5 Jun 14

Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction

CVE-2023-40306 MEDIUM
6.1 Sep 08

SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a maliciou

CVE-2020-6184 MEDIUM
6.1 Feb 12

Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS ver

CVE-2023-42473 MEDIUM
5.4 Oct 10

S/4HANA Manage (Withholding Tax Items) - version 106, does not perform necessary authorization checks for an authenticat

CVE-2022-31597 MEDIUM
5.4 Jul 12

Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extens

CVE-2020-6212 MEDIUM
5.4 Apr 24

Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (version

CVE-2020-6185 MEDIUM
5.4 Feb 12

Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS vers

CVE-2022-32248 MEDIUM
5.3 Jul 12

Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106

CVE-2020-6214 MEDIUM
4.7 Apr 14

SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. Rated m

CVE-2020-6316 MEDIUM
4.3 Nov 10

SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in

Share

CVE-2023-42475 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy