CVE-2025-27432
LOWSAP Electronic Invoicing for Brazil - Privilege Escalation
Title source: llmDescription
The eDocument Cockpit (Inbound NF-e) in SAP Electronic Invoicing for Brazil allows an authenticated attacker with certain privileges to gain unauthorized access to each transaction. By executing the specific ABAP method within the ABAP system, an unauthorized attacker could call each transaction and view the inbound delivery details. This vulnerability has a low impact on the confidentiality with no effect on the integrity and the availability of the application.
References (2)
Core 2
Core References
Vendor Advisory
https://me.sap.com/notes/3568865
Vendor Advisory
https://url.sap/sapsecuritypatchday
Scores
CVSS v3
2.4
EPSS
0.0006
EPSS Percentile
17.7%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (9)
SAP_SE/SAP Electronic Invoicing for Brazil (eDocument Cockpit)
103
SAP_SE/SAP Electronic Invoicing for Brazil (eDocument Cockpit)
104
SAP_SE/SAP Electronic Invoicing for Brazil (eDocument Cockpit)
105
SAP_SE/SAP Electronic Invoicing for Brazil (eDocument Cockpit)
106
SAP_SE/SAP Electronic Invoicing for Brazil (eDocument Cockpit)
107
SAP_SE/SAP Electronic Invoicing for Brazil (eDocument Cockpit)
108
SAP_SE/SAP Electronic Invoicing for Brazil (eDocument Cockpit)
618
SAP_SE/SAP Electronic Invoicing for Brazil (eDocument Cockpit)
S4CORE 102
SAP_SE/SAP Electronic Invoicing for Brazil (eDocument Cockpit)
SAP_APPL 617
Published
Mar 11, 2025
Tracked Since
Feb 18, 2026