Primary

Context

SAP S/4HANA and SAP ERP HCM Portugal Missing Authorization Check Vulnerability Allowing Unauthorized Data Access

Vulnerability

A vulnerability exists in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal due to a missing authorization check. This flaw allows a user with high privileges to access sensitive data belonging to another company, posing a significant risk to data confidentiality.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive data, potentially causing data breaches or misuse of confidential information.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform, where users can find the complete list of security updates and patches. It is recommended to implement these corrections as a priority.

Added: Mar 10, 2026, 6:09 PM

Updated: Mar 10, 2026, 6:09 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

4.4

remediation

0.0

relevance

3.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

4.4

remediation

0.0

relevance

3.7

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SAP S/4HANA and SAP ERP HCM Portugal Missing Authorization Check Vulnerability Allowing Unauthorized Data Access

Vulnerability

Impact

Remediation

Affected Products

SAP ERP HCM Portugal

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating