CVE-2023-35870 MEDIUM

CVE-2023-35870: Improper Access Control in SAP S/4HANA (Manage Journal Entry Template)

Vendor Sap_Se
Product SAP S/4HANA (Manage Journal Entry Template)
Weakness CWE-732
Published July 11, 2023
Last update October 29, 2024

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 107, an attacker could intercept the save request and change the template, leading to an impact on confidentiality and integrity of the resource. Furthermore, a standard template could be deleted, hence making the resource temporarily unavailable.

Key dates

02Disclosure timeline

July 11, 2023 CVE published
October 29, 2024 Record updated