Search
Find a vulnerability
Search criteria
2 vulnerabilities found for SAP Field Logistics by SAP_SE
CVE-2025-31327 (GCVE-0-2025-31327)
Vulnerability from nvd – Published: 2025-04-22 18:25 – Updated: 2025-04-23 15:58
VLAI
Title
OData meta-data property entity tampering in SAP Field Logistics
Summary
SAP Field Logistics Manage Logistics application OData meta-data property is vulnerable to data tampering, due to which certain fields could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability are not impacted.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-472 - External Control of Assumed-Immutable Web Parameter
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP_SE | SAP Field Logistics |
Affected:
S4CORE 107
Affected: 108 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31327",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T18:51:36.983123Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T15:58:54.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP Field Logistics",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "S4CORE 107"
},
{
"status": "affected",
"version": "108"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP Field Logistics Manage Logistics application OData meta-data property is vulnerable to data tampering, due to which certain fields could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability are not impacted.\u003c/p\u003e"
}
],
"value": "SAP Field Logistics Manage Logistics application OData meta-data property is vulnerable to data tampering, due to which certain fields could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability are not impacted."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "CWE-472: External Control of Assumed-Immutable Web Parameter",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T18:25:45.777Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3359825"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OData meta-data property entity tampering in SAP Field Logistics",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2025-31327",
"datePublished": "2025-04-22T18:25:45.777Z",
"dateReserved": "2025-03-27T23:02:06.906Z",
"dateUpdated": "2025-04-23T15:58:54.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-31327 (GCVE-0-2025-31327)
Vulnerability from cvelistv5 – Published: 2025-04-22 18:25 – Updated: 2025-04-23 15:58
VLAI
Title
OData meta-data property entity tampering in SAP Field Logistics
Summary
SAP Field Logistics Manage Logistics application OData meta-data property is vulnerable to data tampering, due to which certain fields could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability are not impacted.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-472 - External Control of Assumed-Immutable Web Parameter
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SAP_SE | SAP Field Logistics |
Affected:
S4CORE 107
Affected: 108 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-31327",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T18:51:36.983123Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T15:58:54.786Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP Field Logistics",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "S4CORE 107"
},
{
"status": "affected",
"version": "108"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP Field Logistics Manage Logistics application OData meta-data property is vulnerable to data tampering, due to which certain fields could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability are not impacted.\u003c/p\u003e"
}
],
"value": "SAP Field Logistics Manage Logistics application OData meta-data property is vulnerable to data tampering, due to which certain fields could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability are not impacted."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-472",
"description": "CWE-472: External Control of Assumed-Immutable Web Parameter",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T18:25:45.777Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/3359825"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "OData meta-data property entity tampering in SAP Field Logistics",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2025-31327",
"datePublished": "2025-04-22T18:25:45.777Z",
"dateReserved": "2025-03-27T23:02:06.906Z",
"dateUpdated": "2025-04-23T15:58:54.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}