Missing Authorization check in SAP Fiori App (Manage Service Entry...

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Description

SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on integrity, confidentiality and availability are not impacted.

Basic Information

ID CVE-2026-23688

Source sap

Published Feb 10, 2026 at 03:02

Affected Product

Vendor SAP_SE

Product SAP Fiori App (Manage Service Entry Sheets - Lean Services)

Version S4CORE 102

Affected Versions SAP_SE SAP Fiori App (Manage Service Entry Sheets - Lean Services) S4CORE 102
SAP_SE SAP Fiori App (Manage Service Entry Sheets - Lean Services) 103
SAP_SE SAP Fiori App (Manage Service Entry Sheets - Lean Services) 104
SAP_SE SAP Fiori App (Manage Service Entry Sheets - Lean Services) 105
SAP_SE SAP Fiori App (Manage Service Entry Sheets - Lean Services) 106
SAP_SE SAP Fiori App (Manage Service Entry Sheets - Lean Services) 107

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on integrity, confidentiality and availability are not impacted.",
    "published": "2026-02-10T03:02:58.702Z",
    "modified": "2026-02-10T03:02:58.702Z",
    "type": "cve",
    "title": "Missing Authorization check in SAP Fiori App (Manage Service Entry Sheets - Lean Services)",
    "source": "sap",
    "references": "https://me.sap.com/notes/3215823\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2026-23688",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP Fiori App (Manage Service Entry Sheets - Lean Services) S4CORE 102\nSAP_SE SAP Fiori App (Manage Service Entry Sheets - Lean Services) 103\nSAP_SE SAP Fiori App (Manage Service Entry Sheets - Lean Services) 104\nSAP_SE SAP Fiori App (Manage Service Entry Sheets - Lean Services) 105\nSAP_SE SAP Fiori App (Manage Service Entry Sheets - Lean Services) 106\nSAP_SE SAP Fiori App (Manage Service Entry Sheets - Lean Services) 107",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP Fiori App (Manage Service Entry Sheets - Lean Services)",
    "version": "S4CORE 102",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Missing Authorization check in SAP Fiori App (Manage Service Entry Sheets – Lean Services)_CVE-2026-23688