PT-2022-4768 · Sap · Sap S/4Hana

Published: 2022-07-12 · Updated: 2022-07-19 · CVE-2022-31597

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

SAP S/4HANA versions S4CORE 101 through 106
SAP S/4HANA version SAPSCORE 127

Description

The issue is related to the application business partner extension for Spain/Slovakia in SAP S/4HANA, where it fails to perform necessary authorization checks for low-privileged authenticated users over the network. This results in an escalation of privileges, leading to a low impact on the confidentiality and integrity of the data. The vulnerability is associated with authorization errors in the Application Business Partner Extension component, which can be exploited by a remote attacker to elevate their privileges.

Recommendations

For SAP S/4HANA versions S4CORE 101 through 106, consider implementing additional authorization checks to prevent privilege escalation. For SAP S/4HANA version SAPSCORE 127, apply the necessary security patches or updates to address the authorization errors in the Application Business Partner Extension component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Missing Authorization

Related Identifiers

BDU:2022-05669
CVE-2022-31597

Affected Products

Sap S/4Hana