CVE-2026-34261
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects confidentiality, with no impact on integrity and availability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP Business Analytics and SAP Content Management | S4HCMRXX 100 | affected |
| SAP_SE | SAP Business Analytics and SAP Content Management | 101 | affected |
| SAP_SE | SAP Business Analytics and SAP Content Management | 102 | affected |
| SAP_SE | SAP Business Analytics and SAP Content Management | SAP_HRRXX 600 | affected |
| SAP_SE | SAP Business Analytics and SAP Content Management | 604 | affected |
| SAP_SE | SAP Business Analytics and SAP Content Management | 608 | affected |
Weaknesses
- CWE-862: CWE-862: Missing Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.