Missing Authorization check in SAP Business Analytics and SAP Content...

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects confidentiality, with no impact on integrity and availability.

Basic Information

ID CVE-2026-34261

Source sap

Published Apr 14, 2026 at 00:08

Affected Product

Vendor SAP_SE

Product SAP Business Analytics and SAP Content Management

Version S4HCMRXX 100

Affected Versions SAP_SE SAP Business Analytics and SAP Content Management S4HCMRXX 100
SAP_SE SAP Business Analytics and SAP Content Management 101
SAP_SE SAP Business Analytics and SAP Content Management 102
SAP_SE SAP Business Analytics and SAP Content Management SAP_HRRXX 600
SAP_SE SAP Business Analytics and SAP Content Management 604
SAP_SE SAP Business Analytics and SAP Content Management 608

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects confidentiality, with no impact on integrity and availability.",
    "published": "2026-04-14T00:08:51.232Z",
    "modified": "2026-04-14T00:08:51.232Z",
    "type": "cve",
    "title": "Missing Authorization check in SAP Business Analytics and SAP Content Management",
    "source": "sap",
    "references": "https://me.sap.com/notes/3705094\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2026-34261",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP Business Analytics and SAP Content Management S4HCMRXX 100\nSAP_SE SAP Business Analytics and SAP Content Management 101\nSAP_SE SAP Business Analytics and SAP Content Management 102\nSAP_SE SAP Business Analytics and SAP Content Management SAP_HRRXX 600\nSAP_SE SAP Business Analytics and SAP Content Management 604\nSAP_SE SAP Business Analytics and SAP Content Management 608",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP Business Analytics and SAP Content Management",
    "version": "S4HCMRXX 100",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Missing Authorization check in SAP Business Analytics and SAP Content Management_CVE-2026-34261