CVE-2026-27686
Missing Authorization check in SAP Business Warehouse (Service API)
CVSS Score
5.9
EPSS Score
0.0%
EPSS Percentile
0th
Due to a Missing Authorization Check in SAP Business Warehouse (Service API), an authenticated attacker could perform unauthorized actions via an affected RFC function module. Successful exploitation could enable unauthorized configuration and control changes, potentially disrupting request processing and causing denial of service. This results in low impact on integrity and high impact on availability, while confidentiality remains unaffected.
| Vendor | sap_se |
| Product | sap business warehouse (service api) |
| Published | Mar 10, 2026 |
| Last Updated | Mar 10, 2026 |
Stay Ahead of the Next One
Get instant alerts for sap_se sap business warehouse (service api)
Be the first to know when new medium vulnerabilities affecting sap_se sap business warehouse (service api) are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
High
Affected Versions
SAP_SE / SAP Business Warehouse (Service API)
DW4CORE 200 300 400 PI_BASIS 2006_1_700 701 702 730 731 740 SAP_BW 750 751 752 753 754 755 756 757 758 816