CVE-2026-27687

Summary

Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belonging to another company. This vulnerability has a high impact on confidentiality and does not affect integrity and availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP S/4HANA HCM Portugal and SAP ERP HCM PortugalS4HCMCPT 100affected
SAP_SESAP S/4HANA HCM Portugal and SAP ERP HCM Portugal101affected
SAP_SESAP S/4HANA HCM Portugal and SAP ERP HCM Portugal102affected
SAP_SESAP S/4HANA HCM Portugal and SAP ERP HCM PortugalSAP_HRCPT 600affected
SAP_SESAP S/4HANA HCM Portugal and SAP ERP HCM Portugal604affected
SAP_SESAP S/4HANA HCM Portugal and SAP ERP HCM Portugal608affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References