CVE-2026-24322

{"id": "CVE-2026-24322", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 3.1}]}, "published": "2026-02-10T04:16:04.307", "references": [{"url": "https://me.sap.com/notes/3705882", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability."}, {"lang": "es", "value": "SAP Solution Tools Plug-In (ST-PI) contiene un m\u00f3dulo de funci\u00f3n que no realiza las comprobaciones de autorizaci\u00f3n necesarias para usuarios autenticados, permitiendo que se divulgue informaci\u00f3n sensible. Esta vulnerabilidad tiene un alto impacto en la confidencialidad y no afecta a la integridad ni a la disponibilidad."}], "lastModified": "2026-02-17T15:23:50.653", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:solution_tools_plug-in:740:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E087FCF-62FE-48A7-80B1-1BEDEA5716D6"}, {"criteria": "cpe:2.3:a:sap:solution_tools_plug-in:758:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9C9CBFC-453A-4B9E-87B6-466369CE6AD6"}, {"criteria": "cpe:2.3:a:sap:solution_tools_plug-in:2008_1_700:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2DC728B3-F77B-45E8-B7EC-9C78B41FA1E6"}, {"criteria": "cpe:2.3:a:sap:solution_tools_plug-in:2008_1_710:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4836C482-5A64-4373-BCB4-0185BDF83EAD"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}