{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T23:50:00.351","vulnerabilities":[{"cve":{"id":"CVE-2026-0498","sourceIdentifier":"cna@sap.com","published":"2026-01-13T02:15:52.300","lastModified":"2026-01-22T18:44:20.380","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"SAP S/4HANA (Private Cloud and On-Premise) allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS commands into the system, bypassing essential authorization checks. This vulnerability effectively functions as a backdoor, creating the risk of full system compromise, undermining the confidentiality, integrity and availability of the system."},{"lang":"es","value":"SAP S/4HANA (Nube Privada y On-Premise) permite a un atacante con privilegios de administrador explotar una vulnerabilidad en el módulo de función expuesto vía RFC. Esta falla permite la inyección de código ABAP/comandos de SO arbitrarios en el sistema, eludiendo comprobaciones de autorización esenciales. Esta vulnerabilidad funciona efectivamente como una puerta trasera, creando el riesgo de compromiso total del sistema, socavando la confidencialidad, integridad y disponibilidad del sistema."}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"cna@sap.com","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4_hana:102:*:*:*:*:*:*:*","matchCriteriaId":"7EE80980-12A5-40D7-8992-5C81FC82935E"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4_hana:103:*:*:*:*:*:*:*","matchCriteriaId":"82AAE66A-7112-4E83-9094-2AA571144F64"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4_hana:104:*:*:*:*:*:*:*","matchCriteriaId":"CFF0FD31-F4F3-470A-9CB5-DE339D7334FF"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4_hana:105:*:*:*:*:*:*:*","matchCriteriaId":"A52E5AE7-D16E-4122-A39E-20A2CAB9A146"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4_hana:106:*:*:*:*:*:*:*","matchCriteriaId":"EAEF60F9-E053-4D22-AA65-9C1CA5130374"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4_hana:107:*:*:*:*:*:*:*","matchCriteriaId":"8606117E-F864-474F-8839-F6BAB51113E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4_hana:108:*:*:*:*:*:*:*","matchCriteriaId":"F794CB63-BF34-42D5-9998-CD2F2B2FF25F"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4_hana:109:*:*:*:*:*:*:*","matchCriteriaId":"CBF58A90-18F3-4358-8BCE-9FDD813F02C8"}]}]}],"references":[{"url":"https://me.sap.com/notes/3694242","source":"cna@sap.com","tags":["Permissions Required"]},{"url":"https://url.sap/sapsecuritypatchday","source":"cna@sap.com","tags":["Patch","Vendor Advisory"]}]}}]}