7.1

CVE-2026-34256

Medienbericht

Missing Authorization check in SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise)

Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacker could execute a particular ABAP report to overwrite any existing eight?character executable ABAP report without authorization. If the overwritten report is subsequently executed, the intended functionality could become unavailable. Successful exploitation impacts availability, with a limited impact on integrity confined to the affected report, while confidentiality remains unaffected.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSAP_SE
Produkt SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise)
Default Statusunaffected
Version SAP_FIN 618
Status affected
Version 720
Status affected
Version 730
Status affected
Version EA-FIN 617
Status affected
Version 700
Status affected
Version SAPSCORE 135
Status affected
Version S4CORE 102
Status affected
Version 103
Status affected
Version 104
Status affected
Version 105
Status affected
Version 106
Status affected
Version 107
Status affected
Version 108
Status affected
Version 109
Status affected
Version EA-APPL 600
Status affected
Version 602
Status affected
Version 603
Status affected
Version 604
Status affected
Version 605
Status affected
Version 606
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.05% 0.146
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cna@sap.com 7.1 2.8 4.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.