Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.9
SAP Business Warehouse Service API: Unauthorized Actions via Authenticated Attack
CVE-2026-27686
Summary
An attacker can make unauthorized changes to SAP Business Warehouse configuration and disrupt request processing, potentially causing a denial of service. This is a concern because it can impact business operations and availability. SAP users should ensure that proper authorization checks are in place to prevent unauthorized access.
Original title
Due to a Missing Authorization Check in SAP Business Warehouse (Service API), an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitati...
Original description
Due to a Missing Authorization Check in SAP Business Warehouse (Service API), an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request processing and causing denial of service. This results in low impact on integrity and high impact on availability, while confidentiality remains unaffected.
nvd CVSS3.1
5.9
Vulnerability type
CWE-862
Missing Authorization
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026