Description
SAP Starter Solution allows an authenticated attacker to execute crafted database queries, thereby exposing the back-end database. As a result, this vulnerability has a low impact on the application's confidentiality and integrity but no impact on its availability.
References (2)
Core 2
Core References
Vendor Advisory
https://me.sap.com/notes/2886616
Vendor Advisory
https://url.sap/sapsecuritypatchday
Scores
CVSS v3
5.4
EPSS
0.0003
EPSS Percentile
9.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-89
Status
published
Products (17)
SAP_SE/SAP Starter Solution (PL SAFT)
101
SAP_SE/SAP Starter Solution (PL SAFT)
102
SAP_SE/SAP Starter Solution (PL SAFT)
103
SAP_SE/SAP Starter Solution (PL SAFT)
104
SAP_SE/SAP Starter Solution (PL SAFT)
602
SAP_SE/SAP Starter Solution (PL SAFT)
603
SAP_SE/SAP Starter Solution (PL SAFT)
604
SAP_SE/SAP Starter Solution (PL SAFT)
605
SAP_SE/SAP Starter Solution (PL SAFT)
606
SAP_SE/SAP Starter Solution (PL SAFT)
616
... and 7 more
Published
Nov 11, 2025
Tracked Since
Feb 18, 2026