CVE-2023-35870

Name of the Vulnerable Software and Affected Versions SAP S/4HANA versions S4CORE 104 through 107

Description The issue is related to insufficient access control in the Manage Journal Entry Template component of SAP S/4HANA. This can allow a remote attacker to read, modify, or delete files. When creating a journal entry template, an attacker could intercept the save request and change the template, impacting the confidentiality and integrity of the resource. Additionally, a standard template could be deleted, making the resource temporarily unavailable.

Recommendations For versions S4CORE 104 through 107, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the Manage Journal Entry Template component to minimize the risk of exploitation. Avoid using the save request functionality in the affected component until the issue is resolved.