CVE-2026-24312

Summary

An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to execute unauthorized, high-privilege actions. This has a high impact on data integrity, with low impact on confidentiality and no impact on availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Business WorkflowSAP_BASIS 752affected
SAP_SESAP Business WorkflowSAP_BASIS 753affected
SAP_SESAP Business WorkflowSAP_BASIS 754affected
SAP_SESAP Business WorkflowSAP_BASIS 755affected
SAP_SESAP Business WorkflowSAP_BASIS 756affected
SAP_SESAP Business WorkflowSAP_BASIS 757affected
SAP_SESAP Business WorkflowSAP_BASIS 758affected
SAP_SESAP Business WorkflowSAP_BASIS 816affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References