CVE-2023-1903 MEDIUM

CVE-2023-1903: Missing Authorization check in SAP HCM Fiori App My Forms (Fiori 2.0)

Vendor Sap

Product HCM Fiori App My Forms (Fiori 2.0)

Weakness CWE-862 · Missing authorization

Published April 11, 2023

Last update February 7, 2025

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

SAP HCM Fiori App My Forms (Fiori 2.0) - version 605, does not perform necessary authorization checks for an authenticated user exposing the restricted header data.

Key dates

02Disclosure timeline

April 11, 2023 CVE published

February 7, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-1903 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2024-32520 WordPress WPC Grouped Product for WooCommerce plugin <= 4.4.2 - Broken Access Control vulnerability CVE-2024-3602 Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer <= 1.1.0 - Missing Authorization CVE-2026-2373 Royal Addons for Elementor – Addons and Templates Kit for Elementor <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure CVE-2025-14947 All-in-One Video Gallery <= 4.6.4 - Missing Authorization to Unauthenticated Bunny Stream Video Creation/Deletion CVE-2026-42640 WordPress Classified Listing plugin <= 5.3.8 - Broken Access Control vulnerability