Home

Description

SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. This vulnerability has a low impact on confidentiality and does not affect integrity or availability.

PUBLISHED Reserved 2026-01-21 | Published 2026-03-10 | Updated 2026-03-10 | Assigner sap




MEDIUM: 5.0CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Problem types

CWE-862: Missing Authorization

Product status

Default status
unaffected

ST-PI 2008_1_700
affected

2008_1_710
affected

740
affected

758
affected

References

me.sap.com/notes/3707930

url.sap/sapsecuritypatchday

cve.org (CVE-2026-24313)

nvd.nist.gov (CVE-2026-24313)

Download JSON