CVE-2026-23688

EPSS 0.04%
Veröffentlicht 10.02.2026 03:02:58
Zuletzt bearbeitet 17.02.2026 15:58:00
Quelle cna@sap.com
CVE-Watchlists
Login
Unerledigt
Login

Missing Authorization check in SAP Fiori App (Manage Service Entry Sheets - Lean Services)

SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on integrity, confidentiality and availability are not impacted.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 6 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ S4core Version102

SAP ≫ S4core Version103

SAP ≫ S4core Version104

SAP ≫ S4core Version105

SAP ≫ S4core Version106

SAP ≫ S4core Version107

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.124

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@sap.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://url.sap/sapsecuritypatchday

Vendor Advisory

https://me.sap.com/notes/3215823

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2026-23688

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-23688

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-23688

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-23688