Impact
The vulnerability is an incorrect authorization check in SAP Business Workflow that allows a legitimate administrator to bypass role restrictions. An authenticated administrator can use permissions granted to a lower-privilege function to perform higher-privilege actions. The result is a high impact on data integrity, a low impact on confidentiality, and no impact on availability. The weakness is classified under CWE-862 ("Missing Authorization").
Affected Systems
Affected: SAP Business Workflow as provided by SAP SE. The affected operating environments recorded in the CPE list are the SAP Basis versions from 752 to 816. No specific version information or build numbers are supplied; the impact is limited to instances of SAP Business Workflow running within those SAP Basis releases.
Risk and Exploitability
A CVSS score of 5.2 indicates moderate severity. An EPSS score below 1% indicates a very low but non-zero probability that this flaw is being actively exploited. The vulnerability is not listed in the CISA KEV catalog. The attacker must be an authenticated administrator. Based on the description, the attack vector is internal: exploitation requires legitimate credentials and privileged access to the workflow system, and no public remote exploit has been disclosed. The method involves using a less sensitive function to elevate privileges within the same application session, so the conditions for exploitation are the presence of the faulty authorization check and an account with administrative rights. As a result, the compromise risk remains moderate and is confined to systems where administrative accounts are compromised or misconfigured.
OpenCVE Enrichment