CVE-2025-42946
📋 TL;DR
This directory traversal vulnerability in SAP S/4HANA Bank Communication Management allows authenticated attackers with high privileges to access sensitive operating system files. Attackers could read or delete critical files, compromising confidentiality with minimal impact on system availability. Only organizations using vulnerable SAP S/4HANA versions with Bank Communication Management are affected.
💻 Affected Systems
- SAP S/4HANA
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could exfiltrate sensitive system files, configuration data, or credentials, potentially leading to further system compromise or data breaches.
Likely Case
Privileged insiders or compromised accounts could access sensitive operating system files, exposing confidential information without disrupting business operations.
If Mitigated
With proper access controls and monitoring, exploitation would be detected and contained before significant damage occurs.
🎯 Exploit Status
Requires high privileges and knowledge of the specific Bank Communication Management transaction and method involved
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Apply SAP Note 3614804
Vendor Advisory: https://me.sap.com/notes/3614804
Restart Required: No
Instructions:
1. Download SAP Note 3614804 from the SAP Support Portal.
2. Apply the security patch following SAP's standard patching procedures.
3. Verify the patch is correctly applied.
🔧 Temporary Workarounds
Restrict Transaction Access
Limit access to the specific Bank Communication Management transaction and method mentioned in the vulnerability
🧯 If You Can't Patch
- Implement strict access controls to limit who can access Bank Communication Management transactions
- Enable detailed logging and monitoring for file access attempts through Bank Communication Management
🔍 How to Verify
Check if Vulnerable:
Check if SAP Note 3614804 is applied in your SAP system using transaction SNOTE
Check Version:
Use SAP transaction SM51 to check system details and applied notes
Verify Fix Applied:
Verify SAP Note 3614804 is marked as successfully implemented in transaction SNOTE
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns through Bank Communication Management transactions
- Multiple failed directory traversal attempts
Network Indicators:
- Unusual data transfers from SAP system following Bank Communication Management access
SIEM Query:
source="sap_audit_log" AND (transaction="BCM_*" OR method="vulnerable_method") AND (action="file_access" OR result="success")
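The detection logic the indicators and SIEM query above describe, run over a few constructed audit records, as an added example that is not part of this advisory. The key=value field names (`transaction`, `method`, `action`, `path`, `result`, `user`) mirror the query and are assumptions, as is the legitimate BCM exchange directory; the records are constructed, not real SAP audit log output.

```python
import re
from collections import defaultdict

# Constructed sample records (assumed field names, not real SAP audit log output).
SAMPLE_LOG = """\
ts=2025-01-10T09:01:12Z user=FIN_ADMIN transaction=BCM_PAYMENT method=read_file action=file_access path=/usr/sap/trans/bcm/batch01.xml result=success
ts=2025-01-10T09:02:40Z user=FIN_ADMIN transaction=BCM_PAYMENT method=read_file action=file_access path=../../../etc/passwd result=failure
ts=2025-01-10T09:02:51Z user=FIN_ADMIN transaction=BCM_PAYMENT method=read_file action=file_access path=..%2F..%2F..%2Fetc%2Fhosts result=failure
ts=2025-01-10T09:03:05Z user=FIN_ADMIN transaction=BCM_PAYMENT method=read_file action=file_access path=/usr/sap/SID/SYS/profile/DEFAULT.PFL result=success
ts=2025-01-10T09:04:00Z user=BASIS01 transaction=SM51 method=list_servers action=display result=success
"""

# Plain and URL-encoded "dot-dot-slash" sequences, in either slash direction.
TRAVERSAL = re.compile(r"(\.\./|\.\.\\|%2e%2e%2f|%2e%2e/|\.\.%2f|\.\.%5c)", re.IGNORECASE)
BCM_BASE = "/usr/sap/trans/bcm/"   # assumed legitimate BCM file exchange directory


def parse_line(line):
    """Split one key=value record into a dict (values contain no spaces)."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def detect(log_text, fail_threshold=2):
    """Return (rule, user, detail) alerts for BCM file-access records."""
    alerts = []
    failures = defaultdict(int)          # failed traversal attempts per user
    for line in log_text.splitlines():
        rec = parse_line(line)
        # Scope to BCM transactions performing file access, as the SIEM query does.
        if not rec.get("transaction", "").startswith("BCM_") or rec.get("action") != "file_access":
            continue
        path = rec.get("path", "")
        user = rec.get("user", "?")
        if TRAVERSAL.search(path):
            alerts.append(("traversal_sequence", user, path))
            if rec.get("result") == "failure":
                failures[user] += 1
        elif rec.get("result") == "success" and not path.startswith(BCM_BASE):
            # A successful read outside the expected directory is the
            # confidentiality impact the advisory describes.
            alerts.append(("success_outside_bcm_dir", user, path))
    for user, n in failures.items():
        if n >= fail_threshold:      # "multiple failed directory traversal attempts"
            alerts.append(("repeated_failed_traversal", user, f"{n} failed attempts"))
    return alerts
```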