CVE-2026-34259

Summary

Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. Successful exploitation could allow the attacker to read or modify any system data or shut down the system, resulting in a complete compromise of confidentiality, integrity, and availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Forecasting & ReplenishmentSCM 702affected
SAP_SESAP Forecasting & Replenishment712affected
SAP_SESAP Forecasting & Replenishment713affected
SAP_SESAP Forecasting & Replenishment714affected

Weaknesses

  • CWE-77: CWE-77: Improper Neutralization of Special Elements used in a Command

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References