Missing Authorization check in SAP S/4HANA Condition Maintenance_CVE-2026-40133

6.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Description

Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact on the confidentiality and integrity of the data. Additionally, this vulnerability may prevent the legitimate user from accessing the records, causing low impact on application availability.

Basic Information

ID CVE-2026-40133

Source sap

Published May 12, 2026 at 02:21

Affected Product

Vendor SAP_SE

Product SAP S/4HANA Condition Maintenance

Version S4CORE 102

Affected Versions SAP_SE SAP S/4HANA Condition Maintenance S4CORE 102
SAP_SE SAP S/4HANA Condition Maintenance 103
SAP_SE SAP S/4HANA Condition Maintenance 104
SAP_SE SAP S/4HANA Condition Maintenance 105
SAP_SE SAP S/4HANA Condition Maintenance 106
SAP_SE SAP S/4HANA Condition Maintenance 107
SAP_SE SAP S/4HANA Condition Maintenance 108
SAP_SE SAP S/4HANA Condition Maintenance 109

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact on the confidentiality and integrity of the data. Additionally, this vulnerability may prevent the legitimate user from accessing the records, causing low impact on application availability.",
    "published": "2026-05-12T02:21:18.130Z",
    "modified": "2026-05-12T02:21:18.130Z",
    "type": "cve",
    "title": "Missing Authorization check in SAP S/4HANA Condition Maintenance",
    "source": "sap",
    "references": "https://me.sap.com/notes/3718083\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2026-40133",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP S/4HANA Condition Maintenance S4CORE 102\nSAP_SE SAP S/4HANA Condition Maintenance 103\nSAP_SE SAP S/4HANA Condition Maintenance 104\nSAP_SE SAP S/4HANA Condition Maintenance 105\nSAP_SE SAP S/4HANA Condition Maintenance 106\nSAP_SE SAP S/4HANA Condition Maintenance 107\nSAP_SE SAP S/4HANA Condition Maintenance 108\nSAP_SE SAP S/4HANA Condition Maintenance 109",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP S/4HANA Condition Maintenance",
    "version": "S4CORE 102",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}