CVE-2026-27681
SQL Injection vulnerability in SAP Business Planning and Consolidation and SAP Business Warehouse
CVSS Score
9.9
EPSS Score
0.0%
EPSS Percentile
14th
Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of the system.
| Vendor | sap_se |
| Product | sap business planning and consolidation and sap business warehouse |
| Published | Apr 14, 2026 |
| Last Updated | Apr 14, 2026 |
Stay Ahead of the Next One
Get instant alerts for sap_se sap business planning and consolidation and sap business warehouse
Be the first to know when new critical vulnerabilities affecting sap_se sap business planning and consolidation and sap business warehouse are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
SAP_SE / SAP Business Planning and Consolidation and SAP Business Warehouse
HANABPC 810 BPC4HANA 300 SAP_BW 750 752 753 754 755 756 757 758 816