CVE-2026-24322 PUBLISHED

Missing Authorization check in SAP Solution Tools Plug-In (ST-PI)

Assigner: sap
Reserved: 21.01.2026 Published: 10.02.2026 Updated: 10.02.2026

SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing sensitive information to be disclosed. This vulnerability has a high impact on confidentiality and does not affect integrity or availability.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVSS Score: 7.7

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	SAP_SE
Product	SAP Solution Tools Plug-In (ST-PI)
Versions	Default: unaffected Version ST-PI 2008_1_700 is affected Version 2008_1_710 is affected Version 740 is affected Version 758 is affected

References

https://me.sap.com/notes/3705882
https://url.sap/sapsecuritypatchday

CVE-2026-24322 PUBLISHED

Missing Authorization check in SAP Solution Tools Plug-In (ST-PI)

Metrics

Product Status

References

Problem Types