CVE-2026-34261

MEDIUM WAF: Low

CVSS 6.5 Published: 2026-04-14

CWE-862

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects confidentiality, with no impact on integrity and availability.

WAF Coverage Analysis

Missing Authorization Low WAF Coverage

OWASP: A01:2021 Broken Access Control

References

me.sap.com
url.sap

Back to CVE Database