CVE-2026-40133

Summary

Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact on the confidentiality and integrity of the data. Additionally, this vulnerability may prevent the legitimate user from accessing the records, causing low impact on application availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP S/4HANA Condition MaintenanceS4CORE 102affected
SAP_SESAP S/4HANA Condition Maintenance103affected
SAP_SESAP S/4HANA Condition Maintenance104affected
SAP_SESAP S/4HANA Condition Maintenance105affected
SAP_SESAP S/4HANA Condition Maintenance106affected
SAP_SESAP S/4HANA Condition Maintenance107affected
SAP_SESAP S/4HANA Condition Maintenance108affected
SAP_SESAP S/4HANA Condition Maintenance109affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References