CVE-2023-42475 MEDIUM

CVE-2023-42475: Information Disclosure Vulnerability in Statutory Reporting

Vendor Sap_Se
Product SAP S/4HANA Core
Weakness CWE-209 · Error message info leak
Published October 10, 2023
Last update September 28, 2024

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality.

Key dates

02Disclosure timeline

October 10, 2023 CVE published
September 28, 2024 Record updated