VDB

CVE-2026-24312

CVE-2026-24312 PUBLISHED CVSS 5.199999809265137 MEDIUM

An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to execute unauthorized, high-privilege actions. This has a high impact on data integrity, with low impact on confidentiality and no impact on availability of the application.

EPSS 0.03% · 8.2th percentile

Risk Scores

CVSS 3.1
5.199999809265137
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:N
EPSS Score
0.03%
8.2th percentile

Affected Products

VendorProductVersions
SAP_SESAP Business WorkflowSAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755
sapsap_basis752, 753, 754

Timeline

  • Feb 10, 2026 CVE Published
  • Feb 10, 2026 EPSS Score
  • Feb 12, 2026 EPSS Score
  • Feb 14, 2026 EPSS Score
  • Feb 16, 2026 EPSS Score
  • Feb 17, 2026 CVE Updated
  • Feb 18, 2026 EPSS Score
  • Feb 20, 2026 EPSS Score
  • Feb 22, 2026 EPSS Score
  • Feb 24, 2026 EPSS Score
  • Feb 26, 2026 EPSS Score
  • Feb 28, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›