CVE-2026-0503

Missing Authorization check in in SAP ERP Central Component and SAP S/4HANA (SAP EHS Management)

CVSS 6.4 MEDIUMEPSS 0.2%CWE-862

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 6.4EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

13 jan 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

Due to missing authorization check in the SAP ERP Central Component (SAP ECC) and SAP S/4HANA (SAP EHS Management), an attacker could extract hardcoded clear-text credentials and bypass the password authentication check by manipulating user parameters. Upon successful exploitation, the attacker can access, modify or delete certain change pointer information within EHS objects in the application which might further affect the subsequent systems. This vulnerability leads to a low impact on confidentiality and integrity of the application with no affect on the availability.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Produtos afetados

SAP_SE · SAP ERP Central Component and SAP S/4HANA (SAP EHS Management)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://me.sap.com/notes/3681523 https://url.sap/sapsecuritypatchday