Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

solution_tools_plug-in

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

3
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2026-24322
Assigner-SAP SE
ShareView Details
Assigner-SAP SE
CVSS Score-7.7||HIGH
EPSS-0.03% / 8.64%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 03:04
Updated-17 Feb, 2026 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization check in SAP Solution Tools Plug-In (ST-PI)

SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability.

Action-Not Available
Vendor-SAP SE
Product-solution_tools_plug-inSAP Solution Tools Plug-In (ST-PI)
CWE ID-CWE-862
Missing Authorization
CVE-2026-23681
Assigner-SAP SE
ShareView Details
Assigner-SAP SE
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 7.43%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 03:02
Updated-17 Feb, 2026 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization check in a function module in SAP Support Tools Plug-In

Due to missing authorization check in a function module in SAP Support Tools Plug-In, an authenticated attacker could invoke specific function modules to retrieve information about the system and its configuration. This disclosure of the system information could assist the attacker to plan subsequent attacks. This vulnerability has a low impact on the confidentiality of the application, with no effect on its integrity or availability.

Action-Not Available
Vendor-SAP SE
Product-solution_tools_plug-inSAP Support Tools Plug-In
CWE ID-CWE-862
Missing Authorization
CVE-2026-0486
Assigner-SAP SE
ShareView Details
Assigner-SAP SE
CVSS Score-5||MEDIUM
EPSS-0.03% / 7.43%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 03:00
Updated-17 Feb, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authorization Check in ABAP based SAP systems

In ABAP based SAP systems a remote enabled function module does not perform necessary authorization checks for an authenticated user resulting in disclosure of system information.This has low impact on confidentiality. Integrity and availability are not impacted.

Action-Not Available
Vendor-SAP SE
Product-solution_tools_plug-inABAP based SAP systems
CWE ID-CWE-862
Missing Authorization