CVE-2026-23681

Published: Feb 10, 2026Modified: Feb 17, 2026

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: CNA

Description

Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific function modules to retrieve information about the system and its configuration. This disclosure of the system information could assist the attacker to plan subsequent attacks. This vulnerability has a low impact on the confidentiality of the application, with no effect on its integrity or availability.

Affected (4)

Products: Sap: Solution Tools Plug In

Sap

1 product

Solution Tools Plug In

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Sap Solution Tools Plug In	Version 2008_1_700
Sap Solution Tools Plug In	Version 2008_1_710
Sap Solution Tools Plug In	Version 740
Sap Solution Tools Plug In	Version 758

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://me.sap.com/notes/3680416

Source: cna@sap.com

Permissions Required

https://url.sap/sapsecuritypatchday

Source: cna@sap.com

Vendor Advisory

Timeline

No history available yet.