4.3
CVE-2026-24326
- EPSS 0.01%
- Published 10.02.2026 03:04:39
- Last modified 17.02.2026 15:13:03
- Source cna@sap.com
Due to a missing authorization check in the Disconnected Operations of SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to perform a direct update on a standard SAP database table. This results in low impact on integrity, with no impact on confidentiality or availability of the application.
Data provided by the National Vulnerability Database (NVD)
SAP ≫ S/4HANA Defense & Security Version 600
SAP ≫ S/4HANA Defense & Security Version 603
SAP ≫ S/4HANA Defense & Security Version 604
SAP ≫ S/4HANA Defense & Security Version 605
SAP ≫ S/4HANA Defense & Security Version 606
SAP ≫ S/4HANA Defense & Security Version 616
SAP ≫ S/4HANA Defense & Security Version 617
SAP ≫ S/4HANA Defense & Security Version 618
SAP ≫ S/4HANA Defense & Security Version 619
SAP ≫ S/4HANA Defense & Security Version 800
SAP ≫ S/4HANA Defense & Security Version 801
SAP ≫ S/4HANA Defense & Security Version 802
SAP ≫ S/4HANA Defense & Security Version 803
SAP ≫ S/4HANA Defense & Security Version 804
SAP ≫ S/4HANA Defense & Security Version 805
SAP ≫ S/4HANA Defense & Security Version 806
SAP ≫ S/4HANA Defense & Security Version 807
SAP ≫ S/4HANA Defense & Security Version 808
SAP ≫ S/4HANA Defense & Security Version 809
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.016 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@sap.com | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.