CVE-2026-27687

MEDIUM WAF: Low

CVSS 5.8 Published: 2026-03-10

CWE-862

Due to missing authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal, a user with high privileges could access sensitive data belonging to another company. This vulnerability has a high impact on confidentiality and does not affect integrity and availability.

WAF Coverage Analysis

Missing Authorization Low WAF Coverage

OWASP: A01:2021 Broken Access Control

References

me.sap.com
url.sap

Back to CVE Database