GHSA-fg5q-rjfh-rr88

GHSA-fg5q-rjfh-rr88 PUBLISHED CVSS 6.5 MEDIUM

Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects confidentiality, with no impact on integrity and availability.

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Timeline

Apr 14, 2026 CVE Published
Apr 14, 2026 Security Advisory

References

https://nvd.nist.gov/vuln/detail/CVE-2026-34261 advisory
https://me.sap.com/notes/3705094 url
https://url.sap/sapsecuritypatchday url

Open in Interactive Console →