EUVD-2026-29367
GHSA-cqhw-vpw6-ww5x
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionNVD
Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbitrary operating system commands. Successful exploitation could allow the attacker to read or modify any system data or shut down the system, resulting in a complete compromise of confidentiality, integrity, and availability.
AnalysisAI
OS command injection in SAP Forecasting & Replenishment allows authenticated administrators to execute arbitrary system commands through abuse of a non-remote-enabled function, leading to complete system compromise. The vulnerability enables full read/write access to system data and potential system shutdown, though exploitation is constrained to local attack vectors and requires high-privilege administrative access (CVSS 8.2). …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all systems running SAP Forecasting & Replenishment and document current versions; restrict administrative access to the application to only essential personnel and implement enhanced monitoring of admin activities. Within 7 days: Apply the vendor-released patch from SAP Security Patch Day to all affected systems; verify patch installation through SAP security update verification tools. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today