CVE-2023-42475

Name of the Vulnerable Software and Affected Versions Statutory Reporting application (affected versions not specified) SAP S/4HANA (affected versions not specified)

Description The issue concerns a vulnerable file storage location in the Statutory Reporting application, potentially allowing a low-privileged attacker to read server files with minimal impact on confidentiality. Additionally, there is a vulnerability in the SAP S/4HANA platform related to the lack of protection for service data, which could allow a remote attacker to disclose protected information.

Recommendations For the Statutory Reporting application, consider restricting access to the vulnerable file storage location until a fix is available. For SAP S/4HANA, restrict access to service data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.