CVE-2026-24326 – Missing authorization check in SAP S/4HANA Defense & Security (Disconnected Operations)

CVE ID : CVE-2026-24326

Published : Feb. 10, 2026, 3:04 a.m. | 1 hour, 17 minutes ago

Description : Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to do direct update on standard SAP database table . This results in low impact on integrity, with no impact on confidentiality or availability of the application.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-24328 – Open Redirection vulnerability in Business Server Pages Application (TAF_APPLAUNCHER)

CVE-2026-24327 – Missing Authorization Check in SAP Strategic Enterprise Management (Balanced Scorecard in BSP Application)

CVE-2026-24325 – Cross Site Scripting (XSS) vulnerability in SAP BusinessObjects Enterprise (Central Management Console)

CVE-2026-24324 – Denial of service (DOS) vulnerability in SAP BusinessObjects Business Intelligence Platform (AdminTools)