Solution Tools Plug In
CVE-2026-0486
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information.This has low impact on confidentiality. Integrity and availability are not impacted.
AnalysisAI
SAP Solution Tools Plug In fails to enforce authorization checks in remote-enabled ABAP function modules, allowing authenticated users to access and disclose sensitive system information. An attacker with valid credentials can query protected data without proper access controls, though system integrity and availability remain unaffected. No patch is currently available for this medium-severity vulnerability.
Technical ContextAI
Classified as CWE-862 (Missing Authorization). Affects Solution Tools Plug-In. In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information.This has low impact on confidentiality. Integrity and availability are not impacted.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Solution Tools Plug In
View allAuthenticated users in SAP Solution Tools Plug-In (ST-PI) can access sensitive information through a function module tha
Authenticated users of SAP Solution Tools Plug-In can bypass authorization checks to invoke function modules and extract
Same weakness CWE-862 – Missing Authorization
View allShare
External POC / Exploit Code
Leaving vuln.today