← volver
CVE-2026-34261

Missing Authorization check in SAP Business Analytics and SAP Content Management

CVSS 6.5 MEDIUMEPSS 0.2%CWE-862
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.5EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
14 abr 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects confidentiality, with no impact on integrity and availability.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Productos afectados
SAP_SE · SAP Business Analytics and SAP Content Management

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://me.sap.com/notes/3705094https://url.sap/sapsecuritypatchday