CVE-2026-34261

Summary

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects confidentiality, with no impact on integrity and availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Business Analytics and SAP Content ManagementS4HCMRXX 100affected
SAP_SESAP Business Analytics and SAP Content Management101affected
SAP_SESAP Business Analytics and SAP Content Management102affected
SAP_SESAP Business Analytics and SAP Content ManagementSAP_HRRXX 600affected
SAP_SESAP Business Analytics and SAP Content Management604affected
SAP_SESAP Business Analytics and SAP Content Management608affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References