CVE-2026-24326

{"id": "CVE-2026-24326", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2026-02-10T04:16:04.950", "references": [{"url": "https://me.sap.com/notes/3678009", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to do direct update on standard SAP database table . This results in low impact on integrity, with no impact on confidentiality or availability of the application."}, {"lang": "es", "value": "Debido a una verificaci\u00f3n de autorizaci\u00f3n faltante en las Operaciones Desconectadas de SAP S/4HANA Defense & Security, un atacante con privilegios de usuario podr\u00eda llamar m\u00f3dulos de funci\u00f3n habilitados remotamente para realizar una actualizaci\u00f3n directa en una tabla de base de datos SAP est\u00e1ndar. Esto resulta en un impacto bajo en la integridad, sin impacto en la confidencialidad o disponibilidad de la aplicaci\u00f3n."}], "lastModified": "2026-02-17T15:13:03.900", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:600:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78ADAFAC-2C87-4C49-8865-EB1C97B7B5F9"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:603:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD7FBDFA-E462-4BAE-9408-351011A813A2"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:604:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B614A1E8-F448-4D31-985B-C4A7C0CB368B"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:605:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "127D2BD7-BB9D-4CE0-BB07-F871905B31A1"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:606:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98E1223E-1745-4B98-8E3E-F96B3ECAC188"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:616:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF6DD245-E9C9-4B4D-A1BC-03EB6AC72D20"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:617:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2166F508-E6D6-4115-943C-DB3A542ED1FD"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:618:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0867D831-9BF5-4E85-8D18-739A4D815B83"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:619:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FCE5819-11CF-40BA-9AA6-58B5ACC7F5F4"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19551C2A-E648-4984-B8C6-943AB0DD98E4"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:801:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AB489DD-5DBD-4ED1-B960-73EABA12BD41"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:802:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86985075-6564-4905-B863-0FE785DF1060"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:803:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40CB0220-9467-49B8-9050-368B816ABE18"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:804:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "732E1942-ECBF-4FCD-98C7-C7DF361748F6"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:805:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00AC39A9-6262-48B5-ACBA-2D214AB97222"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:806:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAC823D3-3E07-4534-905F-3D1209AE55EC"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:807:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "433D5F16-FB53-4774-ABA1-73D9618A06E7"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:808:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77352DDD-866D-45E1-9995-B0D9AC997623"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:809:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF9592A1-EAD9-4BDB-868A-73306569146F"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}