{“lastseen”:””,”description”:”Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of the system.”,”published”:”2026-04-14T00:08:05.791Z”,”modified”:”2026-04-14T00:08:05.791Z”,”type”:”cve”,”title”:”SQL Injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse”,”source”:”sap”,”references”:”https:\/\/me.sap.com\/notes\/3719353\\nhttps:\/\/url.sap\/sapsecuritypatchday”,”id”:”CVE-2026-27681″,”bulletinFamily”:””,”cwe”:[“CWE-89″],”cvelist”:null,”sourceData”:”SAP_SE SAP Business Planning and Consolidation and SAP Business Warehouse HANABPC 810\\nSAP_SE SAP Business Planning and Consolidation and SAP Business Warehouse BPC4HANA 300\\nSAP_SE SAP Business Planning and Consolidation and SAP Business Warehouse SAP_BW 750\\nSAP_SE SAP Business Planning and Consolidation and SAP Business Warehouse 752\\nSAP_SE SAP Business Planning and Consolidation and SAP Business Warehouse 753\\nSAP_SE SAP Business Planning and Consolidation and SAP Business Warehouse 754\\nSAP_SE SAP Business Planning and Consolidation and SAP Business Warehouse 755\\nSAP_SE SAP Business Planning and Consolidation and SAP Business Warehouse 756\\nSAP_SE SAP Business Planning and Consolidation and SAP Business Warehouse 757\\nSAP_SE SAP Business Planning and Consolidation and SAP Business Warehouse 758\\nSAP_SE SAP Business Planning and Consolidation and SAP Business Warehouse 816″,”sourceHref”:””,”cvss”:{“score”:9.9,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”SAP Business Planning and Consolidation and SAP Business Warehouse”,”version”:”HANABPC 810, BPC4HANA 300, SAP_BW 750, 752, 753, 754, 755, 756, 757, 758, 816″,”vendor”:”SAP_SE”,”ai_description”:”SQL Injection vulnerability allowing an authenticated user to execute crafted SQL statements and impact the confidentiality, integrity, and availability of the system”,”ai_severity”:”Critical”,”ai_vendor”:”SAP”,”ai_product”:”SAP Business Planning and Consolidation and SAP Business Warehouse”,”ai_version”:”HANABPC 810, BPC4HANA 300, SAP_BW 750, 752, 753, 754, 755, 756, 757, 758, 816″,”ai_score”:9.9}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read,…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[9,6,8,45,12,13,7,11,5],"class_list":["post-46577","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-critical","tag-cve","tag-cvss","tag-cvss-99","tag-exploit","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n