CVE-2023-42475

The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality.

CVSS v3.0 4.3 MEDIUM

4.3^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3222121	Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:s\/4hana:102:::::::*
	cpe:2.3:a:sap:s\/4hana:103:::::::*
	cpe:2.3:a:sap:s\/4hana:104:::::::*
	cpe:2.3:a:sap:s\/4hana:105:::::::*
	cpe:2.3:a:sap:s\/4hana:106:::::::*
	cpe:2.3:a:sap:s\/4hana:128:::::::*

History

28 Sep 2024, 23:15

Type	Values Removed	Values Added
Summary	~~The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality.~~	The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality.
CWE	~~CWE-200~~	CWE-209

11 Oct 2023, 19:14

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-10 02:15

Updated : 2024-09-28 23:15

NVD link : CVE-2023-42475

Mitre link : CVE-2023-42475

JSON object : View

Products Affected

sap

s\/4hana

CWE

CWE-209

Generation of Error Message Containing Sensitive Information

4.3 /10