MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2026-23688

CVSS 4.3v3.1pub. 2026-02-10upd. 2026-02-17

SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on integrity, confidentiality and availability are not impacted.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
  • Sap S4core

    APP
    Sap
    102103104105106107
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2021-33701CRITICAL9.1ten sam produkt

DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730...

CVE-2024-39592HIGH7.7ten sam produkt

Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escal...

CVE-2018-2484HIGH8.8ten sam produkt

SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.1...

CVE-2026-0505MEDIUM6.1ten sam produkt

The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not s...

CVE-2026-24323MEDIUM6.1ten sam produkt

The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL ...