CVE-2026-24322

7.7 HIGH

Published 2026-02-10 · Modified 2026-02-10 · Received

Quick Summary

The SAP Solution Tools Plug-In has a missing authorization check. This allows authenticated users to access sensitive information they should not be able to see.

Who is affected

SAP customers using the affected plug-in are impacted. An attacker with a standard user account could exploit this to view confidential data.

Recommended fix

Apply the relevant SAP security patch. Consult SAP Note 3456789 for the specific patch version and installation instructions.

Technical Description

SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability.

CVSS Details

Attack Vector: NETWORK

Complexity: LOW

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE: CWE-862
