CVE-2025-42987

SAP Manage Processing Rules (For Bank Statement) allows an attacker with basic privileges to edit shared rules of any user by tampering the request parameter. Due to missing authorization check, the attacker can edit rules that should be restricted, compromising the integrity of the application.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3596850
https://url.sap/sapsecuritypatchday

Configurations

No configuration.

History

12 Jun 2025, 16:06

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-10 01:15

Updated : 2025-06-12 16:06

NVD link : CVE-2025-42987

Mitre link : CVE-2025-42987

CVE.ORG link : CVE-2025-42987

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

4.3 /10