Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Network-accessible endpoint, low complexity; PR:L because a valid authenticated session is required; confidentiality-only at low tier with no integrity or availability impact.
Primary rating from Vendor (sap).
CVSS VectorVendor: sap
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
SAP S/4HANA Draft operation does not perform necessary authorization checks for an authenticated user, a restricted user could access information within the entity resulting in escalation of privileges. This results in low impact on confidentiality, with no impact on integrity and availability of the application.
AnalysisAI
Privilege escalation in SAP S/4HANA's Draft Operation component allows authenticated restricted users to read entity data beyond their authorized scope due to missing authorization checks. The flaw, classified under CWE-862, is exploitable over the network without elevated privileges, resulting in low confidentiality impact with no effect on integrity or availability. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a valid authenticated session in SAP S/4HANA with at least low-privilege access (PR:L per CVSS vector). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS base score of 4.3 (Medium) accurately reflects the constrained impact: the attack vector is network-accessible (AV:N) with low complexity (AC:L) and requires only low-privilege authentication (PR:L), but scope is unchanged (S:U) and impact is limited strictly to confidentiality at the low tier (C:L/I:N/A:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated SAP S/4HANA user with a restricted role - such as a read-only reporting user or a user with access limited to specific business units - sends a network request to the Draft Operation endpoint for an entity outside their authorized scope. Because authorization checks are absent, the server returns the draft entity data without validating the user's permissions, exposing potentially sensitive business records such as draft purchase orders, financial postings, or HR records. … |
| Remediation | Apply the fix documented in SAP Security Note 3515598 (https://me.sap.com/notes/3515598), which is the authoritative vendor remedy for this authorization gap. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43595
GHSA-jf6p-qvqv-f6g9