{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24322", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2026-01-21T22:15:36.672Z", "datePublished": "2026-02-10T03:04:01.992Z", "dateUpdated": "2026-02-10T17:00:38.519Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP Solution Tools Plug-In (ST-PI)", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "ST-PI 2008_1_700"}, {"status": "affected", "version": "2008_1_710"}, {"status": "affected", "version": "740"}, {"status": "affected", "version": "758"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability.</p>"}], "value": "SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-02-10T03:04:01.992Z"}, "references": [{"url": "https://me.sap.com/notes/3705882"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Missing Authorization check in SAP Solution Tools Plug-In (ST-PI)", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-10T17:00:20.371145Z", "id": "CVE-2026-24322", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T17:00:38.519Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24322", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-10T17:00:20.371145Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T17:00:33.348Z"}}], "cna": {"title": "Missing Authorization check in SAP Solution Tools Plug-In (ST-PI)", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP Solution Tools Plug-In (ST-PI)", "versions": [{"status": "affected", "version": "ST-PI 2008_1_700"}, {"status": "affected", "version": "2008_1_710"}, {"status": "affected", "version": "740"}, {"status": "affected", "version": "758"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3705882"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability.", "supportingMedia": [{"type": "text/html", "value": "<p>SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-02-10T03:04:01.992Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24322", "state": "PUBLISHED", "dateUpdated": "2026-02-10T17:00:38.519Z", "dateReserved": "2026-01-21T22:15:36.672Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2026-02-10T03:04:01.992Z", "assignerShortName": "sap"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:solution_tools_plug-in:740:*:*:*:*:*:*:*", "matchCriteriaId": "3E087FCF-62FE-48A7-80B1-1BEDEA5716D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:solution_tools_plug-in:758:*:*:*:*:*:*:*", "matchCriteriaId": "F9C9CBFC-453A-4B9E-87B6-466369CE6AD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:solution_tools_plug-in:2008_1_700:*:*:*:*:*:*:*", "matchCriteriaId": "2DC728B3-F77B-45E8-B7EC-9C78B41FA1E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:solution_tools_plug-in:2008_1_710:*:*:*:*:*:*:*", "matchCriteriaId": "4836C482-5A64-4373-BCB4-0185BDF83EAD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability."}, {"lang": "es", "value": "SAP Solution Tools Plug-In (ST-PI) contiene un m\u00f3dulo de funci\u00f3n que no realiza las comprobaciones de autorizaci\u00f3n necesarias para usuarios autenticados, permitiendo que se divulgue informaci\u00f3n sensible. Esta vulnerabilidad tiene un alto impacto en la confidencialidad y no afecta a la integridad ni a la disponibilidad."}], "id": "CVE-2026-24322", "lastModified": "2026-02-17T15:23:50.653", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "cna@sap.com", "type": "Primary"}]}, "published": "2026-02-10T04:16:04.307", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3705882"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "cna@sap.com", "type": "Primary"}]}

{}

{"created": "2026-02-10T11:34:38.165557+00:00", "updated": "2026-02-10T11:34:38.165641+00:00", "vendors": ["sap_se", "sap_se$PRODUCT$sap_solution_tools_plug-in_(st-pi)"]}