Search criteria
4 vulnerabilities found for SAP Service Parts Management (SPM) by SAP_SE
CVE-2025-43009 (GCVE-0-2025-43009)
Vulnerability from cvelistv5 – Published: 2025-05-13 00:19 – Updated: 2025-05-13 14:11
VLAI?
Summary
SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application.
Severity ?
6.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP Service Parts Management (SPM) |
Affected:
SAP_APPL 600
Affected: 602 Affected: 603 Affected: 604 Affected: 605 Affected: 606 Affected: 616 Affected: 617 Affected: 618 Affected: S4CORE 100 Affected: 101 Affected: 102 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43009",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T14:09:37.192975Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T14:11:47.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP Service Parts Management (SPM)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "SAP_APPL 600"
},
{
"status": "affected",
"version": "602"
},
{
"status": "affected",
"version": "603"
},
{
"status": "affected",
"version": "604"
},
{
"status": "affected",
"version": "605"
},
{
"status": "affected",
"version": "606"
},
{
"status": "affected",
"version": "616"
},
{
"status": "affected",
"version": "617"
},
{
"status": "affected",
"version": "618"
},
{
"status": "affected",
"version": "S4CORE 100"
},
{
"status": "affected",
"version": "101"
},
{
"status": "affected",
"version": "102"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application.\u003c/p\u003e"
}
],
"value": "SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T00:19:41.795Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/2491817"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authorization check in SAP Service Parts Management (SPM)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2025-43009",
"datePublished": "2025-05-13T00:19:41.795Z",
"dateReserved": "2025-04-16T13:25:53.589Z",
"dateUpdated": "2025-05-13T14:11:47.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43007 (GCVE-0-2025-43007)
Vulnerability from cvelistv5 – Published: 2025-05-13 00:19 – Updated: 2025-05-13 13:58
VLAI?
Summary
SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on confidentiality, integrity and availability of the application.
Severity ?
6.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP Service Parts Management (SPM) |
Affected:
SAP_APPL 617
Affected: 618 Affected: S4CORE 100 Affected: 101 Affected: 102 Affected: 103 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43007",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:58:07.991282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:58:16.900Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP Service Parts Management (SPM)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "SAP_APPL 617"
},
{
"status": "affected",
"version": "618"
},
{
"status": "affected",
"version": "S4CORE 100"
},
{
"status": "affected",
"version": "101"
},
{
"status": "affected",
"version": "102"
},
{
"status": "affected",
"version": "103"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on confidentiality, integrity and availability of the application.\u003c/p\u003e"
}
],
"value": "SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on confidentiality, integrity and availability of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T00:19:18.709Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/2719724"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authorization check in SAP Service Parts Management (SPM)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2025-43007",
"datePublished": "2025-05-13T00:19:18.709Z",
"dateReserved": "2025-04-16T13:25:53.589Z",
"dateUpdated": "2025-05-13T13:58:16.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43009 (GCVE-0-2025-43009)
Vulnerability from nvd – Published: 2025-05-13 00:19 – Updated: 2025-05-13 14:11
VLAI?
Summary
SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application.
Severity ?
6.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP Service Parts Management (SPM) |
Affected:
SAP_APPL 600
Affected: 602 Affected: 603 Affected: 604 Affected: 605 Affected: 606 Affected: 616 Affected: 617 Affected: 618 Affected: S4CORE 100 Affected: 101 Affected: 102 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43009",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T14:09:37.192975Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T14:11:47.930Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP Service Parts Management (SPM)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "SAP_APPL 600"
},
{
"status": "affected",
"version": "602"
},
{
"status": "affected",
"version": "603"
},
{
"status": "affected",
"version": "604"
},
{
"status": "affected",
"version": "605"
},
{
"status": "affected",
"version": "606"
},
{
"status": "affected",
"version": "616"
},
{
"status": "affected",
"version": "617"
},
{
"status": "affected",
"version": "618"
},
{
"status": "affected",
"version": "S4CORE 100"
},
{
"status": "affected",
"version": "101"
},
{
"status": "affected",
"version": "102"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application.\u003c/p\u003e"
}
],
"value": "SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T00:19:41.795Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/2491817"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authorization check in SAP Service Parts Management (SPM)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2025-43009",
"datePublished": "2025-05-13T00:19:41.795Z",
"dateReserved": "2025-04-16T13:25:53.589Z",
"dateUpdated": "2025-05-13T14:11:47.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-43007 (GCVE-0-2025-43007)
Vulnerability from nvd – Published: 2025-05-13 00:19 – Updated: 2025-05-13 13:58
VLAI?
Summary
SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on confidentiality, integrity and availability of the application.
Severity ?
6.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | SAP Service Parts Management (SPM) |
Affected:
SAP_APPL 617
Affected: 618 Affected: S4CORE 100 Affected: 101 Affected: 102 Affected: 103 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-43007",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:58:07.991282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:58:16.900Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SAP Service Parts Management (SPM)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "SAP_APPL 617"
},
{
"status": "affected",
"version": "618"
},
{
"status": "affected",
"version": "S4CORE 100"
},
{
"status": "affected",
"version": "101"
},
{
"status": "affected",
"version": "102"
},
{
"status": "affected",
"version": "103"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on confidentiality, integrity and availability of the application.\u003c/p\u003e"
}
],
"value": "SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on confidentiality, integrity and availability of the application."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T00:19:18.709Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://me.sap.com/notes/2719724"
},
{
"url": "https://url.sap/sapsecuritypatchday"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Missing Authorization check in SAP Service Parts Management (SPM)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2025-43007",
"datePublished": "2025-05-13T00:19:18.709Z",
"dateReserved": "2025-04-16T13:25:53.589Z",
"dateUpdated": "2025-05-13T13:58:16.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}