{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T11:41:28.230","vulnerabilities":[{"cve":{"id":"CVE-2025-26660","sourceIdentifier":"cna@sap.com","published":"2025-03-11T01:15:35.837","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"SAP Fiori applications using the posting library fail to properly configure security settings during the setup process, leaving them at default or inadequately defined. This vulnerability allows an attacker with low privileges to bypass access controls within the application, enabling them to potentially modify data. Confidentiality and Availability are not impacted."},{"lang":"es","value":"Las aplicaciones SAP Fiori que utilizan la librería de publicación no configuran correctamente los parámetros de seguridad durante el proceso de configuración, por lo que los dejan en los valores predeterminados o definidos de forma inadecuada. Esta vulnerabilidad permite que un atacante con pocos privilegios eluda los controles de acceso dentro de la aplicación, lo que le permite modificar potencialmente los datos. La confidencialidad y la disponibilidad no se ven afectadas."}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"cna@sap.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://me.sap.com/notes/3557655","source":"cna@sap.com"},{"url":"https://url.sap/sapsecuritypatchday","source":"cna@sap.com"}]}}]}