CVE-2026-27686 | THREATINT

Description

Due to a Missing Authorization Check in SAP Business Warehouse (Service API), an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request processing and causing denial of service. This results in low impact on integrity and high impact on availability, while confidentiality remains unaffected.

PUBLISHED Reserved 2026-02-23 | Published 2026-03-10 | Updated 2026-03-10 | Assigner sap

MEDIUM: 5.9CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H

Problem types

CWE-862: Missing Authorization

Product status

Default status

unaffected

DW4CORE 200

affected

300

affected

400

affected

PI_BASIS 2006_1_700

affected

701

affected

702

affected

730

affected

731

affected

740

affected

SAP_BW 750

affected

751

affected

752

affected

753

affected

754

affected

755

affected

756

affected

757

affected

758

affected

816

affected

References

me.sap.com/notes/3703385

url.sap/sapsecuritypatchday

cve.org (CVE-2026-27686)

nvd.nist.gov (CVE-2026-27686)

Download JSON