Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
SAP Business Analytics and Content Management: Unauthorized Access to Sensitive Data
CVE-2026-34261
Summary
An authenticated user can potentially access sensitive information they shouldn't have access to. This is a confidentiality risk, not a data breach or system crash. SAP is expected to release a patch to fix this issue, so apply any available updates as soon as possible.
Original title
Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially access...
Original description
Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability affects confidentiality, with no impact on integrity and availability.
nvd CVSS3.1
6.5
Vulnerability type
CWE-862
Missing Authorization
Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026