CVE-2026-23688 | THREATINT

Description

SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on integrity, confidentiality and availability are not impacted.

PUBLISHED Reserved 2026-01-14 | Published 2026-02-10 | Updated 2026-02-10 | Assigner sap

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Problem types

CWE-862: Missing Authorization

Product status

Default status

unaffected

S4CORE 102

affected

103

affected

104

affected

105

affected

106

affected

107

affected

References

me.sap.com/notes/3215823

url.sap/sapsecuritypatchday

cve.org (CVE-2026-23688)

nvd.nist.gov (CVE-2026-23688)

Download JSON