CVE-2026-34261

MEDIUM

Missing Authorization check in SAP Business Analytics and SAP Content Management

Title source: cna

Description

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects confidentiality, with no impact on integrity and availability.

References (2)

https://me.sap.com/notes/3705094

https://url.sap/sapsecuritypatchday

Scores

CVSS v3 6.5

EPSS 0.0003

EPSS Percentile 7.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-862

Status published

Products (6)

SAP_SE/SAP Business Analytics and SAP Content Management 101

SAP_SE/SAP Business Analytics and SAP Content Management 102

SAP_SE/SAP Business Analytics and SAP Content Management 604

SAP_SE/SAP Business Analytics and SAP Content Management 608

SAP_SE/SAP Business Analytics and SAP Content Management S4HCMRXX 100

SAP_SE/SAP Business Analytics and SAP Content Management SAP_HRRXX 600

Published Apr 14, 2026

Tracked Since Apr 14, 2026