CVE-2025-43002

MEDIUM Year: 2025
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-472
View all →

Vulnerability Description

SAP S4CORE OData meta-data property allows an authenticated attacker to access restricted information due to missing authorization check. This could cause a low impact on confidentiality but integrity and availability of the application are not impacted.

Related Vulnerabilities

CVE-2025-31327

MEDIUM
CVSS:4.3(Medium)

SAP Field Logistics Manage Logistics application OData meta-data property is vulnerable to data tampering, due to which certain fields could be externally modified by an attacker causing low impact on...

CWE-4722025

CVE-2025-31333

MEDIUM
CVSS:4.3(Medium)

SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentia...

CWE-4722025

CVE-2019-13927

MEDIUM
CVSS:5.3(Medium)

A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 (All firmware versions < V6...

CWE-4722019

CVE-2020-1765

MEDIUM
CVSS:5.3(Medium)

An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue af...

CWE-4722020

CVE-2021-27769

MEDIUM
CVSS:5.3(Medium)

Information leakage occurs when a website reveals information that could aid an attacker to further exploit the system. This information may or may not be sensitive and does not automatically mean a b...

CWE-4722021

CVE-2022-30597

MEDIUM
CVSS:5.3(Medium)

A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.

CWE-4722022