CVE-2026-27677

MEDIUM WAF: Low

CVSS 6.5 Published: 2026-04-14

CWE-862

Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Reference Equipment), an attacker could update and delete child entities via OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and availability are not impacted.

WAF Coverage Analysis

Missing Authorization Low WAF Coverage

OWASP: A01:2021 Broken Access Control

References

me.sap.com
url.sap

Back to CVE Database