Home

Description

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects confidentiality, with no impact on integrity and availability.

PUBLISHED Reserved 2026-03-26 | Published 2026-04-14 | Updated 2026-04-14 | Assigner sap




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-862: Missing Authorization

Product status

Default status
unaffected

S4HCMRXX 100
affected

101
affected

102
affected

SAP_HRRXX 600
affected

604
affected

608
affected

References

me.sap.com/notes/3705094

url.sap/sapsecuritypatchday

cve.org (CVE-2026-34261)

nvd.nist.gov (CVE-2026-34261)

Download JSON