{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T17:59:40.029","vulnerabilities":[{"cve":{"id":"CVE-2025-26656","sourceIdentifier":"cna@sap.com","published":"2025-03-11T01:15:35.383","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on integrity of the application."},{"lang":"es","value":"OData Service en Manage Purchasing Info Records no realiza las comprobaciones de autorizaciĆ³n necesarias para un usuario autenticado, lo que permite que un atacante aumente los privilegios. Esto tiene un impacto bajo en la integridad de la aplicaciĆ³n."}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"cna@sap.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://me.sap.com/notes/3474392","source":"cna@sap.com"},{"url":"https://url.sap/sapsecuritypatchday","source":"cna@sap.com"}]}}]}