CVE-2026-27686Missing Authorization in SE SAP Business Warehouse

CWE-862Missing Authorization3 documents3 sources
Severity
5.9MEDIUMNVD
EPSS
0.0%
top 85.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Business Warehouse
Timeline
PublishedMar 10

Description

Due to a Missing Authorization Check in SAP Business Warehouse (Service API), an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request processing and causing denial of service. This results in low impact on integrity and high impact on availability, while confidentiality remains unaffected.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:HExploitability: 1.6 | Impact: 4.2

Affected Packages1 packages

CVEListV5sap_se/sap_business_warehouse19 versions+18

🔴Vulnerability Details

2
GHSA
GHSA-c6hc-8mm4-9853: Due to a Missing Authorization Check in SAP Business Warehouse (Service API), an authenticated attacker could perform unauthorized actions via an affe2026-03-10
CVEList
Missing Authorization check in SAP Business Warehouse (Service API)2026-03-10
CVE-2026-27686 — Missing Authorization | cvebase