5.9

CVE-2026-27686

Due to a Missing Authorization Check in SAP Business Warehouse (Service API), an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request processing and causing denial of service. This results in low impact on integrity and high impact on availability, while confidentiality remains unaffected.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSAP_SE
Produkt SAP Business Warehouse (Service API)
Default Statusunaffected
Version DW4CORE 200
Status affected
Version 300
Status affected
Version 400
Status affected
Version PI_BASIS 2006_1_700
Status affected
Version 701
Status affected
Version 702
Status affected
Version 730
Status affected
Version 731
Status affected
Version 740
Status affected
Version SAP_BW 750
Status affected
Version 751
Status affected
Version 752
Status affected
Version 753
Status affected
Version 754
Status affected
Version 755
Status affected
Version 756
Status affected
Version 757
Status affected
Version 758
Status affected
Version 816
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.121
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cna@sap.com 5.9 1.6 4.2
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.