CVE-2026-23688 PUBLISHED

Missing Authorization check in SAP Fiori App (Manage Service Entry Sheets - Lean Services)

Assigner: sap
Reserved: 14.01.2026 Published: 10.02.2026 Updated: 10.02.2026

SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on integrity, confidentiality and availability are not impacted.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS Score: 4.3

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	Low
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	SAP_SE
Product	SAP Fiori App (Manage Service Entry Sheets - Lean Services)
Versions	Default: unaffected Version S4CORE 102 is affected Version 103 is affected Version 104 is affected Version 105 is affected Version 106 is affected Version 107 is affected

CVE-2026-23688 PUBLISHED

Missing Authorization check in SAP Fiori App (Manage Service Entry Sheets - Lean Services)

Metrics

Product Status

References

Problem Types