Description
SAP MDG (Review Match Groups Application) does not perform the necessary authorization checks for authenticated users. This could allow a low-privileged user to perform actions that would otherwise be restricted, resulting in escalation of privileges. This has a low impact on integrity, while confidentiality and availability are not impacted.
Published: 2026-06-09
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

SAP MDG Review Match Groups Application does not perform necessary authorization checks for authenticated users. This flaw can allow a low‑privileged user to perform actions that should be restricted, effectively enabling privilege escalation with low impact on integrity and no impact on confidentiality or availability.

Affected Systems

The CVE affects the SAP MDG Review Match Groups Application from SAP SE. No specific versions are listed; users should verify that their installation of the Review Match Groups Application is up‑to‑date with the latest SAP patch or note 3673181.

Risk and Exploitability

The CVSS score of 4.3 classifies this vulnerability as low. Without an available EPSS score, the probability of exploitation is uncertain, but the absence of a KEV listing suggests that there are no known active exploits. Exploitation requires authentication and a user with low privileges; the attacker can then obtain elevated privileges through the missing authorization checks, but the effect is limited to privileged actions within the application, with no impact on data confidentiality or availability.

Generated by OpenCVE AI on June 9, 2026 at 02:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest SAP patch via SAP Note 3673181 to the Review Match Groups Application.
  • Restrict user accounts to the minimum privileges needed for their role and enforce role‑based access control.
  • Conduct periodic reviews of access logs and privileges to detect any unauthorized actions within the application.

Generated by OpenCVE AI on June 9, 2026 at 02:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Sap Se
Sap Se sap Mdg (review Match Groups Application)
Vendors & Products Sap Se
Sap Se sap Mdg (review Match Groups Application)

Tue, 09 Jun 2026 01:15:00 +0000

Type Values Removed Values Added
Description SAP MDG (Review Match Groups Application) does not perform the necessary authorization checks for authenticated users. This could allow a low-privileged user to perform actions that would otherwise be restricted, resulting in escalation of privileges. This has a low impact on integrity, while confidentiality and availability are not impacted.
Title Missing Authorization check in SAP MDG (Review Match Groups Application)
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Sap Se Sap Mdg (review Match Groups Application)
cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published:

Updated: 2026-06-10T03:58:32.961Z

Reserved: 2026-05-07T18:16:34.195Z

Link: CVE-2026-44750

cve-icon Vulnrichment

Updated: 2026-06-09T13:22:35.401Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-09T01:16:46.737

Modified: 2026-06-09T02:08:28.150

Link: CVE-2026-44750

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-09T08:56:24Z

Weaknesses