Primary

Context

SAP S/4HANA Defense & Security Missing Authorization Check Vulnerability Allowing Unauthorized Database Updates

Vulnerability

A vulnerability exists in SAP S/4HANA Defense & Security due to a missing authorization check in the Disconnected Operations feature. This flaw allows an attacker with user privileges to invoke remote-enabled function modules, enabling direct updates to standard SAP database tables. The vulnerability has a low impact on data integrity, with no effects on the application's confidentiality or availability.

Impact

Exploitation of this vulnerability allows for unauthorized direct modifications to standard SAP database tables, potentially leading to data integrity issues.

Remediation

Users are advised to consult the SAP Security Notes for guidance on applying necessary patches. SAP Security Notes can be accessed through the SAP for Me platform, specifically on the SAP Security Patch Day.

Added: Feb 10, 2026, 5:17 AM

Updated: Feb 10, 2026, 5:17 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

4.8

remediation

0.0

relevance

2.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

4.8

remediation

0.0

relevance

2.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SAP S/4HANA Defense & Security Missing Authorization Check Vulnerability Allowing Unauthorized Database Updates

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating