CVE-2026-24322

Missing Authorization check in SAP Solution Tools Plug-In (ST-PI)

CVSS 7.7 HIGHEPSS 0.2%CWE-862

SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Produtos afetados

SAP_SE · SAP Solution Tools Plug-In (ST-PI)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://me.sap.com/notes/3705882 https://url.sap/sapsecuritypatchday