SAP S/4HANA Vulnerability in Manage Bank Statements Functionality
CVE-2025-27433

4.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP S/4hana (manage Bank Statements)
Vendor: CVE Published:; 11 March 2025

Summary

An issue in the Manage Bank Statements feature of SAP S/4HANA allows an authenticated attacker to bypass specific application restrictions. This flaw permits the upload of files to a reversed bank statement, potentially compromising application behavior while maintaining integrity safeguards.

Affected Version(s)

SAP S/4HANA (Manage Bank Statements) S4CORE 107

SAP S/4HANA (Manage Bank Statements) 108

References

https://me.sap.com/notes/3565835

https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Feb 25, 2025