CVE-2026-23681

{"id": "CVE-2026-23681", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2026-02-10T04:16:02.520", "references": [{"url": "https://me.sap.com/notes/3680416", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific function modules to retrieve information about the system and its configuration. This disclosure of the system information could assist the attacker to plan subsequent attacks. This vulnerability has a low impact on the confidentiality of the application, with no effect on its integrity or availability."}, {"lang": "es", "value": "Debido a la falta de verificaci\u00f3n de autorizaci\u00f3n en un m\u00f3dulo de funci\u00f3n en el Plug-In de Herramientas de Soporte de SAP, un atacante autenticado podr\u00eda invocar m\u00f3dulos de funci\u00f3n espec\u00edficos para recuperar informaci\u00f3n sobre el sistema y su configuraci\u00f3n. Esta divulgaci\u00f3n de la informaci\u00f3n del sistema podr\u00eda ayudar al atacante a planificar ataques subsiguientes. Esta vulnerabilidad tiene un bajo impacto en la confidencialidad de la aplicaci\u00f3n, sin efecto en su integridad o disponibilidad."}], "lastModified": "2026-02-17T16:04:47.287", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:solution_tools_plug-in:740:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E087FCF-62FE-48A7-80B1-1BEDEA5716D6"}, {"criteria": "cpe:2.3:a:sap:solution_tools_plug-in:758:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9C9CBFC-453A-4B9E-87B6-466369CE6AD6"}, {"criteria": "cpe:2.3:a:sap:solution_tools_plug-in:2008_1_700:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DC728B3-F77B-45E8-B7EC-9C78B41FA1E6"}, {"criteria": "cpe:2.3:a:sap:solution_tools_plug-in:2008_1_710:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4836C482-5A64-4373-BCB4-0185BDF83EAD"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}