CVE-2025-27432
LOWCVSS Vector
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2Tags
Description
The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction. By executing the specific ABAP method within the ABAP system, an unauthorized attacker could call each transaction and view the inbound delivery details. This vulnerability has a low impact on the confidentiality with no effect on the integrity and the availability of the application.
Analysis
The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction. [CVSS 2.4 LOW]
Technical Context
Classified as CWE-862 (Missing Authorization). The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction. By executing the specific ABAP method within the ABAP system, an unauthorized attacker could call each transaction and view the inbound delivery details. This vulnerability has a low impact on the confidentiality with no effect on the integrity and the availability of the application.
Affected Products
The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthori
Remediation
Monitor vendor advisories for a patch.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today