CVE-2026-24312Missing Authorization in SE SAP Business Workflow

CWE-862Missing Authorization3 documents3 sources
Severity
5.2MEDIUMNVD
EPSS
0.0%
top 93.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Business WorkflowSAP Basis
Timeline
PublishedFeb 10

Description

An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to execute unauthorized, high-privilege actions. This has a high impact on data integrity, with low impact on confidentiality and no impact on availability of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:NExploitability: 0.9 | Impact: 4.2

Affected Packages2 packages

CVEListV5sap_se/sap_business_workflow8 versions+7
NVDsap/sap_basis8 versions+7

🔴Vulnerability Details

2
CVEList
Missing authorization check in SAP Business Workflow2026-02-10
GHSA
GHSA-44gc-5cr3-vhmh: An erroneous authorization check in SAP Business Workflow leads to privilege escalation2026-02-10
CVE-2026-24312 — Missing Authorization | cvebase