CVE-2023-42473

MEDIUM

SAP S/4HANA 106 - Authenticated Privilege Escalation via Missing Authorization

Title source: llm

Description

S/4HANA Manage (Withholding Tax Items) - version 106, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges which has low impact on the confidentiality and integrity of the application.

References (2)

Core 2

Core References

Permissions Required

https://me.sap.com/notes/3219846

Vendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Scores

CVSS v3 5.4

EPSS 0.0015

EPSS Percentile 34.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-862

Status published

Products (1)

sap/s\/4hana 106

Published Oct 10, 2023

Tracked Since Feb 18, 2026