VDB
CVE-2026-24312
CVE-2026-24312
PUBLISHED
CVSS 5.199999809265137 MEDIUM
An erroneous authorization check in SAP Business Workflow leads to privilege escalation. An authenticated administrative user can bypass role restrictions by leveraging permissions from a less sensitive function to execute unauthorized, high-privilege actions. This has a high impact on data integrity, with low impact on confidentiality and no impact on availability of the application.
EPSS 0.03% · 8.2th percentile
Risk Scores
CVSS 3.1
5.199999809265137
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:N
EPSS Score
0.03%
8.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP_SE | SAP Business Workflow | SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755 |
| sap | sap_basis | 752, 753, 754 |
Timeline
- Feb 10, 2026 CVE Published
- Feb 10, 2026 EPSS Score
- Feb 12, 2026 EPSS Score
- Feb 14, 2026 EPSS Score
- Feb 16, 2026 EPSS Score
- Feb 17, 2026 CVE Updated
- Feb 18, 2026 EPSS Score
- Feb 20, 2026 EPSS Score
- Feb 22, 2026 EPSS Score
- Feb 24, 2026 EPSS Score
- Feb 26, 2026 EPSS Score
- Feb 28, 2026 EPSS Score