CVE-2026-40133
6.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact on the confidentiality and integrity of the data. Additionally, this vulnerability may prevent the legitimate user from accessing the records, causing low impact on application availability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP S/4HANA Condition Maintenance | S4CORE 102 | affected |
| SAP_SE | SAP S/4HANA Condition Maintenance | 103 | affected |
| SAP_SE | SAP S/4HANA Condition Maintenance | 104 | affected |
| SAP_SE | SAP S/4HANA Condition Maintenance | 105 | affected |
| SAP_SE | SAP S/4HANA Condition Maintenance | 106 | affected |
| SAP_SE | SAP S/4HANA Condition Maintenance | 107 | affected |
| SAP_SE | SAP S/4HANA Condition Maintenance | 108 | affected |
| SAP_SE | SAP S/4HANA Condition Maintenance | 109 | affected |
Weaknesses
- CWE-862: CWE-862: Missing Authorization
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.