CVE-2026-24322

HIGH EPSS 11.1%
Published Feb 10, 20264mo ago · Modified Jun 17, 20261w ago
7.7 CVSS 3.1
High
Find Similar
Published Feb 10, 2026 4mo ago
Last Modified Jun 17, 2026 1w ago

Description

SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability.

CVSS Details

Base Score
7.7
Exploitability
3.1
Impact
4.0
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality High
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
11.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-862 Missing Authorization Authorization

Affected Products 4

VendorProductVersionRange
sapsolution_tools_plug-in740any
sapsolution_tools_plug-in758any
sapsolution_tools_plug-in2008_1_700any
sapsolution_tools_plug-in2008_1_710any

References 2

  • me.sap.com https://me.sap.com/notes/3705882
    Permissions Required
  • url.sap https://url.sap/sapsecuritypatchday
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.