CVE-2026-23688

Summary

SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on integrity, confidentiality and availability are not impacted.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Fiori App (Manage Service Entry Sheets - Lean Services)S4CORE 102affected
SAP_SESAP Fiori App (Manage Service Entry Sheets - Lean Services)103affected
SAP_SESAP Fiori App (Manage Service Entry Sheets - Lean Services)104affected
SAP_SESAP Fiori App (Manage Service Entry Sheets - Lean Services)105affected
SAP_SESAP Fiori App (Manage Service Entry Sheets - Lean Services)106affected
SAP_SESAP Fiori App (Manage Service Entry Sheets - Lean Services)107affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References