Solution Tools Plug In
CVE-2026-24322
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability.
AnalysisAI
Authenticated users in SAP Solution Tools Plug-In (ST-PI) can access sensitive information through a function module that lacks proper authorization controls, allowing disclosure of confidential data without requiring additional privileges. The vulnerability affects all users with basic authentication to the affected SAP systems, as the missing checks permit lateral data exposure across the application.
Technical ContextAI
Classified as CWE-862 (Missing Authorization). Affects Solution Tools Plug-In. SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Solution Tools Plug In
View allSAP Solution Tools Plug In fails to enforce authorization checks in remote-enabled ABAP function modules, allowing authe
Authenticated users of SAP Solution Tools Plug-In can bypass authorization checks to invoke function modules and extract
Same weakness CWE-862 – Missing Authorization
View allShare
External POC / Exploit Code
Leaving vuln.today