FKIE_CVE-2026-24322

Vulnerability from fkie_nvd - Published: 2026-02-10 04:16 - Updated: 2026-02-17 15:23
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Summary
SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability.
References
cna@sap.comhttps://me.sap.com/notes/3705882Permissions Required
cna@sap.comhttps://url.sap/sapsecuritypatchdayVendor Advisory
Impacted products
Vendor Product Version
sap solution_tools_plug-in 740
sap solution_tools_plug-in 758
sap solution_tools_plug-in 2008_1_700
sap solution_tools_plug-in 2008_1_710
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:solution_tools_plug-in:740:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E087FCF-62FE-48A7-80B1-1BEDEA5716D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:solution_tools_plug-in:758:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9C9CBFC-453A-4B9E-87B6-466369CE6AD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:solution_tools_plug-in:2008_1_700:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DC728B3-F77B-45E8-B7EC-9C78B41FA1E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:solution_tools_plug-in:2008_1_710:*:*:*:*:*:*:*",
              "matchCriteriaId": "4836C482-5A64-4373-BCB4-0185BDF83EAD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability."
    },
    {
      "lang": "es",
      "value": "SAP Solution Tools Plug-In (ST-PI) contiene un m\u00f3dulo de funci\u00f3n que no realiza las comprobaciones de autorizaci\u00f3n necesarias para usuarios autenticados, permitiendo que se divulgue informaci\u00f3n sensible. Esta vulnerabilidad tiene un alto impacto en la confidencialidad y no afecta a la integridad ni a la disponibilidad."
    }
  ],
  "id": "CVE-2026-24322",
  "lastModified": "2026-02-17T15:23:50.653",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 4.0,
        "source": "cna@sap.com",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-02-10T04:16:04.307",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://me.sap.com/notes/3705882"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://url.sap/sapsecuritypatchday"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "cna@sap.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.