Unauthorized Access Vulnerability in SAP Electronic Invoicing for Brazil
CVE-2025-27432

2.4LOW

Key Information:

Vendor: SAP
Status: SAP Electronic Invoicing For Brazil (edocument Cockpit)
Vendor: CVE Published:; 11 March 2025

Summary

The eDocument Cockpit in SAP Electronic Invoicing for Brazil has a vulnerability that allows an authenticated attacker with specific privileges to access transactions without authorization. By utilizing a particular ABAP method, the attacker can retrieve inbound delivery details, compromising the confidentiality of certain information. This issue does not affect the integrity or availability of the application.

Affected Version(s)

SAP Electronic Invoicing for Brazil (eDocument Cockpit) SAP_APPL 617

SAP Electronic Invoicing for Brazil (eDocument Cockpit) 618

SAP Electronic Invoicing for Brazil (eDocument Cockpit) S4CORE 102

References

https://me.sap.com/notes/3568865

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Feb 25, 2025