Description
SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. This vulnerability has a low impact on confidentiality and does not affect integrity or availability.
Published: 2026-03-10
Score: 5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Confidentiality Disclosure
Action: Assess Impact
AI Analysis

Impact

An SAP Solution Tools Plug‑In (ST‑PI) function module fails to perform required authorization checks for authenticated users, enabling disclosure of system information. The vulnerability results in a low‑impact confidentiality breach, with no effect on integrity or availability. This flaw maps to CWE‑862, reflecting a missing privilege check.

Affected Systems

SAP Solution Tools Plug‑In (ST‑PI). No specific affected version information is provided in the CNA data.

Risk and Exploitability

Authenticated SAP users could invoke the vulnerable module and read system data. The embedded CVSS score of 5 indicates moderate overall risk, while an EPSS score of less than 1% suggests a low likelihood of exploitation at this time. The issue is not listed in the CISA KEV catalog. The attack vector is inferred to be authenticated internal access, with no requirement for privilege escalation beyond legitimate user privileges.

Generated by OpenCVE AI on April 16, 2026 at 09:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify your SAP Solution Tools Plug‑In version and check SAP Note 3707930 for any available patches or work‑arounds.
  • Restrict access to the vulnerable function module by removing unnecessary authorizations or applying strict role‑based controls.
  • Monitor system logs for unexpected calls to the function module and alert on potential information disclosure patterns.
  • Keep SAP products updated to the latest secure release once SAP publishes a fix.

Generated by OpenCVE AI on April 16, 2026 at 09:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 10 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 10 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Sap Se
Sap Se sap Solution Tools Plug-in (st-pi)
Vendors & Products Sap Se
Sap Se sap Solution Tools Plug-in (st-pi)

Tue, 10 Mar 2026 00:45:00 +0000

Type Values Removed Values Added
Description SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. This vulnerability has a low impact on confidentiality and does not affect integrity or availability.
Title Missing Authorization check in SAP Solution Tools Plug-In (ST-PI)
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N'}

Subscriptions

Sap Se Sap Solution Tools Plug-in (st-pi)
cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published:

Updated: 2026-03-10T16:53:20.906Z

Reserved: 2026-01-21T22:15:25.361Z

Link: CVE-2026-24313

cve-icon Vulnrichment

Updated: 2026-03-10T15:36:10.279Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-10T17:35:55.620

Modified: 2026-03-11T13:53:47.157

Link: CVE-2026-24313

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T10:00:14Z

Weaknesses