CVE-2026-24312
published 2026-02-10CVE-2026-24312: An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by…
medium5.2CVSS 3.1
AVNACLPRHUIRSUCLIHAN
An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to execute unauthorized, high-privilege actions. This has a high impact on data integrity, with low impact on confidentiality and no impact on availability of the application.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | sap_basis | — | — |
| sap | sap_basis | — | — |
| sap | sap_basis | — | — |
| sap | sap_basis | — | — |
| sap | sap_basis | — | — |
| sap | sap_basis | — | — |
| sap | sap_basis | — | — |
| sap | sap_basis | — | — |
| sap_se | sap_business_workflow | — | — |
| sap_se | sap_business_workflow | — | — |
| sap_se | sap_business_workflow | — | — |
| sap_se | sap_business_workflow | — | — |
| sap_se | sap_business_workflow | — | — |
| sap_se | sap_business_workflow | — | — |
| sap_se | sap_business_workflow | — | — |
| sap_se | sap_business_workflow | — | — |