CVE-2026-24326

Medium CVSS: 4.3

Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to do direct update on standard SAP database table . This results in low impact on integrity, with no impact on confidentiality or availability of the application.

Vendor

Sap

Product

S\/4hana Defense \& Security

CWE

CWE-862

Yayın Tarihi

2026-02-10 04:16:04

Güncelleme

2026-02-17 15:13:03

Source Identifier

cna@sap.com

KEV Date Added

Kategoriler

CWE-862 S\/4hana Defense \& Security MEDIUM Sap 2026

Referanslar

https://me.sap.com/notes/3678009 https://url.sap/sapsecuritypatchday

Benzer Kayıtlar

Medium

CVE-2026-24314

Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which…

Medium

CVE-2026-24327

Due to missing authorization check in SAP Strategic Enterprise Management (Balanced Scorecard in Business Server Pages),…

Medium

CVE-2026-24328

SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticated attacker to craft malicious links that, when cli…

Medium

CVE-2026-24325

SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripti…

Medium

CVE-2026-24321

SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these op…

High

CVE-2026-24322

SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks f…