CVE-2026-23681
Missing Authorization check in a function module in SAP Support Tools Plug-In
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
10 feb 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific function modules to retrieve information about the system and its configuration. This disclosure of the system information could assist the attacker to plan subsequent attacks. This vulnerability has a low impact on the confidentiality of the application, with no effect on its integrity or availability.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Productos afectados
SAP_SE · SAP Support Tools Plug-In¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →