{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-31333", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2025-03-27T23:02:06.907Z", "datePublished": "2025-04-08T07:15:46.176Z", "dateUpdated": "2025-04-08T14:50:18.739Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP S4CORE entity", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "S4CORE 107"}, {"status": "affected", "version": "108"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability is not impacted.</p>"}], "value": "SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability is not impacted."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-472", "description": "CWE-472: External Control of Assumed-Immutable Web Parameter", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2025-04-08T07:15:46.176Z"}, "references": [{"url": "https://me.sap.com/notes/3525971"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Odata meta-data tampering in SAP S4CORE entity", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-08T13:14:13.088702Z", "id": "CVE-2025-31333", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T14:50:18.739Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-31333", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-08T13:14:13.088702Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-08T13:21:07.769Z"}}], "cna": {"title": "Odata meta-data tampering in SAP S4CORE entity", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP S4CORE entity", "versions": [{"status": "affected", "version": "S4CORE 107"}, {"status": "affected", "version": "108"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3525971"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability is not impacted.", "supportingMedia": [{"type": "text/html", "value": "<p>SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability is not impacted.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-472", "description": "CWE-472: External Control of Assumed-Immutable Web Parameter"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2025-04-08T07:15:46.176Z"}}}, "cveMetadata": {"cveId": "CVE-2025-31333", "state": "PUBLISHED", "dateUpdated": "2025-04-08T14:50:18.739Z", "dateReserved": "2025-03-27T23:02:06.907Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2025-04-08T07:15:46.176Z", "assignerShortName": "sap"}, "dataVersion": "5.1"}

{"affected": [{"affectedData": [{"defaultStatus": "unaffected", "product": "SAP S4CORE entity", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "S4CORE 107"}, {"status": "affected", "version": "108"}]}], "source": "cna@sap.com"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SAP S4CORE OData meta-data property is vulnerable to data tampering, due to which entity set could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability is not impacted."}, {"lang": "es", "value": "La propiedad de metadatos OData de SAP S4CORE es vulnerable a la manipulaci\u00f3n de datos, por lo que un atacante podr\u00eda modificar externamente el conjunto de entidades, lo que tendr\u00eda un impacto m\u00ednimo en la integridad de la aplicaci\u00f3n. La confidencialidad y la disponibilidad no se ven afectadas."}], "id": "CVE-2025-31333", "lastModified": "2026-06-17T09:10:15.247", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@sap.com", "type": "Secondary"}], "ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-31333", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "role": "CISA Coordinator", "timestamp": "2025-04-08T13:14:13.088702Z", "version": "2.0.3"}}]}, "published": "2025-04-08T08:15:18.287", "references": [{"source": "cna@sap.com", "url": "https://me.sap.com/notes/3525971"}, {"source": "cna@sap.com", "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-472"}], "source": "cna@sap.com", "type": "Secondary"}]}

{}

{}