Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
SAP MDG (Review Match Groups Application) does not perform the necessary authorization checks for authenticated users. This could allow a low-privileged user to perform actions that would otherwise be restricted, resulting in escalation of privileges. This has a low impact on integrity, while confidentiality and availability are not impacted.
AnalysisAI
Privilege escalation in SAP MDG's Review Match Groups Application exposes restricted actions to low-privileged authenticated users due to missing authorization checks. The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms exploitation requires only a valid low-privileged account over the network with no additional interaction, enabling unauthorized data modification. Impact is scoped to low integrity degradation - confidentiality and availability are unaffected - making this a moderate business risk primarily for organizations where MDG data integrity is compliance-critical. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog at time of analysis.
Technical ContextAI
SAP Master Data Governance (MDG) is SAP's enterprise solution for managing and governing master data across business domains. The Review Match Groups Application is a specific functional component within MDG used to consolidate and validate duplicate master data records. The root cause is CWE-862 (Missing Authorization): the application performs no server-side verification that the requesting user holds the privileges required to execute certain actions. This is a classic broken function-level access control defect - the application likely enforces authorization at the UI layer (preventing display of controls) but not at the backend service or API layer, allowing a user who crafts or replays requests to invoke restricted operations. The CVSS Scope:Unchanged value indicates the flaw is contained within the MDG application boundary and does not allow lateral movement into other SAP components.
RemediationAI
Apply the fix documented in SAP Security Note 3673181, available through SAP Support Portal at https://me.sap.com/notes/3673181. This note was released as part of SAP Security Patch Day (https://url.sap/sapsecuritypatchday) and should be applied through the standard SAP correction transport or Support Package Stack process. An exact patched version number is not independently confirmable from the available data - consult the note directly for the minimum support package level required. As a compensating control prior to patching, organizations should audit role assignments within SAP MDG and apply the principle of least privilege to user accounts accessing the Review Match Groups Application, restricting that application's authorization objects to only those users with a documented business need. Note that role restriction alone does not eliminate the underlying missing authorization check and is not a substitute for the vendor patch.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35284
GHSA-wh76-p6p5-4x94