Missing Authorization Check in SAP S/4HANA (Private Cloud and On-Premise)

4.9 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L

Description

Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the application.

Basic Information

ID CVE-2026-27673

Source sap

Published Apr 14, 2026 at 00:06

Affected Product

Vendor SAP_SE

Product SAP S/4HANA (Private Cloud and On-Premise)

Version S4CORE 105

Affected Versions SAP_SE SAP S/4HANA (Private Cloud and On-Premise) S4CORE 105
SAP_SE SAP S/4HANA (Private Cloud and On-Premise) 106
SAP_SE SAP S/4HANA (Private Cloud and On-Premise) 107
SAP_SE SAP S/4HANA (Private Cloud and On-Premise) 108
SAP_SE SAP S/4HANA (Private Cloud and On-Premise) 109
SAP_SE SAP S/4HANA (Private Cloud and On-Premise) FI-CA 606
SAP_SE SAP S/4HANA (Private Cloud and On-Premise) 616
SAP_SE SAP S/4HANA (Private Cloud and On-Premise) 617
SAP_SE SAP S/4HANA (Private Cloud and On-Premise) 618

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the application.",
    "published": "2026-04-14T00:06:38.160Z",
    "modified": "2026-04-14T00:06:38.160Z",
    "type": "cve",
    "title": "Missing Authorization Check in SAP S/4HANA (Private Cloud and On-Premise)",
    "source": "sap",
    "references": "https://me.sap.com/notes/3703813\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2026-27673",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP S/4HANA (Private Cloud and On-Premise) S4CORE 105\nSAP_SE SAP S/4HANA (Private Cloud and On-Premise) 106\nSAP_SE SAP S/4HANA (Private Cloud and On-Premise) 107\nSAP_SE SAP S/4HANA (Private Cloud and On-Premise) 108\nSAP_SE SAP S/4HANA (Private Cloud and On-Premise) 109\nSAP_SE SAP S/4HANA (Private Cloud and On-Premise) FI-CA 606\nSAP_SE SAP S/4HANA (Private Cloud and On-Premise) 616\nSAP_SE SAP S/4HANA (Private Cloud and On-Premise) 617\nSAP_SE SAP S/4HANA (Private Cloud and On-Premise) 618",
    "sourceHref": "",
    "cvss": {
        "score": 4.9,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP S/4HANA (Private Cloud and On-Premise)",
    "version": "S4CORE 105",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Missing Authorization Check in SAP S/4HANA (Private Cloud and On-Premise)_CVE-2026-27673