CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-30016

CVSS 9.8v3.1pub. 2025-04-08upd. 2026-04-15

SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. The vulnerability arises due to improper authentication mechanisms, due to which there is high impact on the Confidentiality, Integrity & Availability of the application.

🤖 AI Analysis
How it works

The vulnerability results from improper implementation of authentication mechanisms (CWE-921 — storage of sensitive data in unsecured location related to auth bypass error). An attacker can remotely, without any privileges or user interaction, bypass the login process and gain access to the application's administrator account. The authentication mechanism does not enforce proper identity verification, opening the path to full Admin account takeover.

Impact

Attackers gain full access to the SAP Financial Consolidation administrator account, resulting in critical breach of confidentiality, integrity, and availability of the application and processed financial data.

Mitigation & patch

Apply patches available from the vendor according to references — SAP note number 3572688, published as part of SAP Security Patch Day. Immediate patch deployment is recommended, as well as restricting network access to the application until it is installed.

Who is affected

SAP Financial Consolidation — versions specified in vendor references (SAP note 3572688)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References