9.9
CVE-2026-0488
- EPSS 0.02%
- Veröffentlicht 10.02.2026 03:01:08
- Zuletzt bearbeitet 17.02.2026 16:10:03
- Quelle cna@sap.com
- CVE-Watchlists
- Unerledigt
An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impact on confidentiality, integrity, and availability.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Netweaver Application Server Abap Version700
SAP ≫ Webclient Ui Framework Version700
SAP ≫ Webclient Ui Framework Version701
SAP ≫ Webclient Ui Framework Version730
SAP ≫ Webclient Ui Framework Version731
SAP ≫ Webclient Ui Framework Version746
SAP ≫ Webclient Ui Framework Version747
SAP ≫ Webclient Ui Framework Version748
SAP ≫ Webclient Ui Framework Version800
SAP ≫ Webclient Ui Framework Version801
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.048 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.9 | 3.1 | 6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
| cna@sap.com | 9.9 | 3.1 | 6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.