CVE-2025-26656

Summary

OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on integrity of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SES/4HANA (Manage Purchasing Info Records)S4CORE 105affected
SAP_SES/4HANA (Manage Purchasing Info Records)106affected
SAP_SES/4HANA (Manage Purchasing Info Records)107affected
SAP_SES/4HANA (Manage Purchasing Info Records)108affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References