4.3

CVE-2026-23681

EPSS 0.03%
Veröffentlicht 10.02.2026 03:02:03
Zuletzt bearbeitet 17.02.2026 16:04:47
Quelle cna@sap.com
CVE-Watchlists
Login
Unerledigt
Login

Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific function modules to retrieve information about the system and its configuration. This disclosure of the system information could assist the attacker to plan subsequent attacks. This vulnerability has a low impact on the confidentiality of the application, with no effect on its integrity or availability.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ Solution Tools Plug-in Version740

SAP ≫ Solution Tools Plug-in Version758

SAP ≫ Solution Tools Plug-in Version2008_1_700

SAP ≫ Solution Tools Plug-in Version2008_1_710

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.097

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@sap.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://url.sap/sapsecuritypatchday

Vendor Advisory

https://me.sap.com/notes/3680416

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2026-23681

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23681

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23681

EUVD