CVE-2026-0486
5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Summary
In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information.This has low impact on confidentiality. Integrity and availability are not impacted.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | ABAP based SAP systems | ST-PI 2005_1_700 | affected |
| SAP_SE | ABAP based SAP systems | 2008_1_710 | affected |
| SAP_SE | ABAP based SAP systems | 740 | affected |
| SAP_SE | ABAP based SAP systems | 758 | affected |
Weaknesses
- CWE-862: CWE-862: Missing Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.