MEDIUM✓ PATCH🇬🇧 English

CVE-2026-23688

CVSS 4.3v3.1pub. 2026-02-10upd. 2026-02-17

SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on integrity, confidentiality and availability are not impacted.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
  • Sap S4core

    APP
    Sap
    102103104105106107
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2021-33701CRITICAL9.1ten sam produkt

DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730...

CVE-2024-39592HIGH7.7ten sam produkt

Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escal...

CVE-2018-2484HIGH8.8ten sam produkt

SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.1...

CVE-2026-0505MEDIUM6.1ten sam produkt

The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not s...

CVE-2026-24323MEDIUM6.1ten sam produkt

The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL ...

CVE-2026-23688 — MEDIUM 4.3 | CVEbaza.pl