CVE-2025-26655

Missing Authorization check in SAP JIT(Outbound)

CVSS 3.1 LOWEPSS 0.2%CWE-862

Vexday Risk Score

8Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 3.1EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

11 mar 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

SAP Just In Time(JIT) does not perform necessary authorization checks for an authenticated user, allowing attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the application.Confidentiality and Availability are not impacted.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Productos afectados

SAP_SE · SAP Just In Time

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://me.sap.com/notes/3347991 https://url.sap/sapsecuritypatchday