{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T21:54:48.169","vulnerabilities":[{"cve":{"id":"CVE-2026-24326","sourceIdentifier":"cna@sap.com","published":"2026-02-10T04:16:04.950","lastModified":"2026-02-17T15:13:03.900","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to do direct update on standard SAP database table . This results in low impact on integrity, with no impact on confidentiality or availability of the application."},{"lang":"es","value":"Debido a una verificación de autorización faltante en las Operaciones Desconectadas de SAP S/4HANA Defense & Security, un atacante con privilegios de usuario podría llamar módulos de función habilitados remotamente para realizar una actualización directa en una tabla de base de datos SAP estándar. Esto resulta en un impacto bajo en la integridad, sin impacto en la confidencialidad o disponibilidad de la aplicación."}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"cna@sap.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:600:*:*:*:*:*:*:*","matchCriteriaId":"78ADAFAC-2C87-4C49-8865-EB1C97B7B5F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:603:*:*:*:*:*:*:*","matchCriteriaId":"CD7FBDFA-E462-4BAE-9408-351011A813A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:604:*:*:*:*:*:*:*","matchCriteriaId":"B614A1E8-F448-4D31-985B-C4A7C0CB368B"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:605:*:*:*:*:*:*:*","matchCriteriaId":"127D2BD7-BB9D-4CE0-BB07-F871905B31A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:606:*:*:*:*:*:*:*","matchCriteriaId":"98E1223E-1745-4B98-8E3E-F96B3ECAC188"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:616:*:*:*:*:*:*:*","matchCriteriaId":"EF6DD245-E9C9-4B4D-A1BC-03EB6AC72D20"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:617:*:*:*:*:*:*:*","matchCriteriaId":"2166F508-E6D6-4115-943C-DB3A542ED1FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:618:*:*:*:*:*:*:*","matchCriteriaId":"0867D831-9BF5-4E85-8D18-739A4D815B83"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:619:*:*:*:*:*:*:*","matchCriteriaId":"9FCE5819-11CF-40BA-9AA6-58B5ACC7F5F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:800:*:*:*:*:*:*:*","matchCriteriaId":"19551C2A-E648-4984-B8C6-943AB0DD98E4"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:801:*:*:*:*:*:*:*","matchCriteriaId":"7AB489DD-5DBD-4ED1-B960-73EABA12BD41"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:802:*:*:*:*:*:*:*","matchCriteriaId":"86985075-6564-4905-B863-0FE785DF1060"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:803:*:*:*:*:*:*:*","matchCriteriaId":"40CB0220-9467-49B8-9050-368B816ABE18"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:804:*:*:*:*:*:*:*","matchCriteriaId":"732E1942-ECBF-4FCD-98C7-C7DF361748F6"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:805:*:*:*:*:*:*:*","matchCriteriaId":"00AC39A9-6262-48B5-ACBA-2D214AB97222"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:806:*:*:*:*:*:*:*","matchCriteriaId":"CAC823D3-3E07-4534-905F-3D1209AE55EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:807:*:*:*:*:*:*:*","matchCriteriaId":"433D5F16-FB53-4774-ABA1-73D9618A06E7"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:808:*:*:*:*:*:*:*","matchCriteriaId":"77352DDD-866D-45E1-9995-B0D9AC997623"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:s\\/4hana_defense_\\&_security:809:*:*:*:*:*:*:*","matchCriteriaId":"FF9592A1-EAD9-4BDB-868A-73306569146F"}]}]}],"references":[{"url":"https://me.sap.com/notes/3678009","source":"cna@sap.com","tags":["Permissions Required"]},{"url":"https://url.sap/sapsecuritypatchday","source":"cna@sap.com","tags":["Vendor Advisory"]}]}}]}