{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-16T07:51:40.186","vulnerabilities":[{"cve":{"id":"CVE-2026-0503","sourceIdentifier":"cna@sap.com","published":"2026-01-13T02:15:52.953","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Due to missing authorization check in the SAP ERP Central Component (SAP ECC) and SAP S/4HANA (SAP EHS Management), an attacker could extract hardcoded clear-text credentials and bypass the password authentication check by manipulating user parameters. Upon successful exploitation, the attacker can access, modify or delete certain change pointer information within EHS objects in the application which might further affect the subsequent systems. This vulnerability leads to a low impact on confidentiality and integrity of the application with no affect on the availability."},{"lang":"es","value":"Debido a una falta de verificación de autorización en SAP ERP Central Component (SAP ECC) y SAP S/4HANA (SAP EHS Management), un atacante podría extraer credenciales codificadas en texto claro y eludir la verificación de autenticación de contraseña manipulando parámetros de usuario. Tras una explotación exitosa, el atacante puede acceder, modificar o eliminar cierta información de punteros de cambio dentro de objetos EHS en la aplicación, lo que podría afectar aún más a los sistemas subsiguientes. Esta vulnerabilidad conlleva a un impacto bajo en la confidencialidad y la integridad de la aplicación, sin afectar la disponibilidad."}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":2.7}]},"weaknesses":[{"source":"cna@sap.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://me.sap.com/notes/3681523","source":"cna@sap.com"},{"url":"https://url.sap/sapsecuritypatchday","source":"cna@sap.com"}]}}]}