Rewterz

Multiple SAP Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-31328 CVSS:4.6

SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSRF), allowing an attacker to trick an authenticated user into sending unintended requests to the server. A GET-based OData function is named in a way that violates the expected behaviour. This issue could impact both the confidentiality and integrity of the application without affecting availability.

CVE-2025-31327 CVSS:4.3

An OData metadata property in the SAP Field Logistics Manage Logistics application is vulnerable to data tampering, which allows an attacker to externally modify certain fields, causing a low impact on the integrity of the application. Confidentiality and availability are not impacted.

Impact

  • Gain Access
  • Data Manipulation

Indicators of Compromise

CVE

  • CVE-2025-31328

  • CVE-2025-31327

Affected Vendors

SAP

Affected Products

  • SAP Learning Solution
  • SAP Field Logistics

Remediation

Refer to the SAP Security Advisory for patch, upgrade, or suggested workaround information. (Login Required)

CVE-2025-31328

CVE-2025-31327