9.9
CVE-2026-0488
- EPSS 0.02%
- Veröffentlicht 10.02.2026 03:01:08
- Zuletzt bearbeitet 17.02.2026 16:10:03
- Quelle cna@sap.com
- CVE-Watchlists
- Unerledigt
Code Injection vulnerability in SAP CRM and SAP S/4HANA (Scripting Editor)
An authenticated attacker in SAP CRM and SAP S/4HANA (Scripting Editor) could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impact on confidentiality, integrity, and availability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Netweaver Application Server Abap Version700
SAP ≫ Webclient Ui Framework Version700
SAP ≫ Webclient Ui Framework Version701
SAP ≫ Webclient Ui Framework Version730
SAP ≫ Webclient Ui Framework Version731
SAP ≫ Webclient Ui Framework Version746
SAP ≫ Webclient Ui Framework Version747
SAP ≫ Webclient Ui Framework Version748
SAP ≫ Webclient Ui Framework Version800
SAP ≫ Webclient Ui Framework Version801
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.063 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.9 | 3.1 | 6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
| cna@sap.com | 9.9 | 3.1 | 6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.