Missing Authorization Check in ABAP based SAP systems_CVE-2026-0486

5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Description

In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information.This has low impact on confidentiality. Integrity and availability are not impacted.

Basic Information

ID CVE-2026-0486

Source sap

Published Feb 10, 2026 at 03:00

Affected Product

Vendor SAP_SE

Product ABAP based SAP systems

Version ST-PI 2005_1_700

Affected Versions SAP_SE ABAP based SAP systems ST-PI 2005_1_700
SAP_SE ABAP based SAP systems 2008_1_710
SAP_SE ABAP based SAP systems 740
SAP_SE ABAP based SAP systems 758

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information.This has low impact on confidentiality. Integrity and availability are not impacted.",
    "published": "2026-02-10T03:00:59.297Z",
    "modified": "2026-02-10T03:00:59.297Z",
    "type": "cve",
    "title": "Missing Authorization Check in ABAP based SAP systems",
    "source": "sap",
    "references": "https://me.sap.com/notes/3691645\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2026-0486",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE ABAP based SAP systems ST-PI 2005_1_700\nSAP_SE ABAP based SAP systems 2008_1_710\nSAP_SE ABAP based SAP systems 740\nSAP_SE ABAP based SAP systems 758",
    "sourceHref": "",
    "cvss": {
        "score": 5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ABAP based SAP systems",
    "version": "ST-PI 2005_1_700",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}