PT-2025-49766 · Sap · Sap S/4 Hana Private Cloud
Published
2025-12-09
·
Updated
2025-12-09
·
CVE-2025-42876
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:S/C:C/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
SAP S/4 HANA Private Cloud (Financials General Ledger) (affected versions not specified)
Description
A missing authorization check exists in SAP S/4 HANA Private Cloud (Financials General Ledger). An authenticated attacker with limited authorization to a single company code can read sensitive data and create or modify documents across all company codes. This could lead to a high impact on data confidentiality and a low impact on data integrity.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sap S/4 Hana Private Cloud