Impact
The vulnerability is a missing authorization check in the SAP S/4HANA Draft operation. An authenticated user that has restricted permissions can access information within the entity, leading to an escalation of privileges. This bypass causes a low impact on confidentiality but does not affect integrity or availability of the application.
Affected Systems
SAP S/4HANA No specific version details are provided in the CNA data.
Risk and Exploitability
The CVSS score of 4.3 classifies the severity as low, and the EPSS score is not available. The vulnerability is not listed in the CISA KEV catalog, suggesting limited public exploitation evidence. The likely attack vector requires an authenticated user it does not enable remote code execution or denial of service. Exploitation would allow the attacker to gain higher privileges within the same entity, but the probability of widespread impact remains low.
OpenCVE Enrichment