{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24313", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2026-01-21T22:15:25.361Z", "datePublished": "2026-03-10T00:17:40.116Z", "dateUpdated": "2026-03-10T16:53:20.906Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-03-10T00:17:40.116Z"}, "title": "Missing Authorization check in SAP Solution Tools Plug-In (ST-PI)", "problemTypes": [{"descriptions": [{"lang": "eng", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "type": "CWE"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP Solution Tools Plug-In (ST-PI)", "versions": [{"status": "affected", "version": "ST-PI 2008_1_700"}, {"status": "affected", "version": "2008_1_710"}, {"status": "affected", "version": "740"}, {"status": "affected", "version": "758"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. This vulnerability has a low impact on confidentiality and does not affect integrity or availability.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. This vulnerability has a low impact on confidentiality and does not affect integrity or availability.</p>"}]}], "references": [{"url": "https://me.sap.com/notes/3707930"}, {"url": "https://url.sap/sapsecuritypatchday"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-10T15:36:09.182645Z", "id": "CVE-2026-24313", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T16:53:20.906Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24313", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-10T15:36:09.182645Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T15:36:10.279Z"}}], "cna": {"title": "Missing Authorization check in SAP Solution Tools Plug-In (ST-PI)", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP Solution Tools Plug-In (ST-PI)", "versions": [{"status": "affected", "version": "ST-PI 2008_1_700"}, {"status": "affected", "version": "2008_1_710"}, {"status": "affected", "version": "740"}, {"status": "affected", "version": "758"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3707930"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. This vulnerability has a low impact on confidentiality and does not affect integrity or availability.", "supportingMedia": [{"type": "text/html", "value": "<p>SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. This vulnerability has a low impact on confidentiality and does not affect integrity or availability.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-03-10T00:17:40.116Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24313", "state": "PUBLISHED", "dateUpdated": "2026-03-10T16:53:20.906Z", "dateReserved": "2026-01-21T22:15:25.361Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2026-03-10T00:17:40.116Z", "assignerShortName": "sap"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks for authenticated users, allowing system information to be disclosed. This vulnerability has a low impact on confidentiality and does not affect integrity or availability."}], "id": "CVE-2026-24313", "lastModified": "2026-03-11T13:53:47.157", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 1.4, "source": "cna@sap.com", "type": "Primary"}]}, "published": "2026-03-10T17:35:55.620", "references": [{"source": "cna@sap.com", "url": "https://me.sap.com/notes/3707930"}, {"source": "cna@sap.com", "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "cna@sap.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "ST-PI 2008_1_700"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "2008_1_710"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "740"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "758"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "SAP Solution Tools Plug-In (ST-PI)", "source": "cna", "vendor": "SAP_SE"}, "product": "sap_solution_tools_plug-in_(st-pi)", "vendor": "sap_se"}], "analysis": {"en": {"generated_at": "2026-04-16T09:57:27.383409+00:00", "value": {"mitigation_remediation": ["Verify your SAP Solution Tools Plug\u2011In version and check SAP Note 3707930 for any available patches or work\u2011arounds.", "Restrict access to the vulnerable function module by removing unnecessary authorizations or applying strict role\u2011based controls.", "Monitor system logs for unexpected calls to the function module and alert on potential information disclosure patterns.", "Keep SAP products updated to the latest secure release once SAP publishes a fix."], "summary": {"action": "Assess Impact", "impact": "Confidentiality Disclosure"}, "threat_synthesis": {"affected_systems": "SAP Solution Tools Plug\u2011In (ST\u2011PI). No specific affected version information is provided in the CNA data.", "description_and_impact": "An SAP Solution Tools Plug\u2011In (ST\u2011PI) function module fails to perform required authorization checks for authenticated users, enabling disclosure of system information. The vulnerability results in a low\u2011impact confidentiality breach, with no effect on integrity or availability. This flaw maps to CWE\u2011862, reflecting a missing privilege check.", "risk_and_exploitability": "Authenticated SAP users could invoke the vulnerable module and read system data. The embedded CVSS score of 5 indicates moderate overall risk, while an EPSS score of less than 1% suggests a low likelihood of exploitation at this time. The issue is not listed in the CISA KEV catalog. The attack vector is inferred to be authenticated internal access, with no requirement for privilege escalation beyond legitimate user privileges."}}}}, "created": "2026-03-10T14:06:16.661429+00:00", "updated": "2026-04-16T10:00:14.098971+00:00", "vendors": ["sap_se", "sap_se$PRODUCT$sap_solution_tools_plug-in_(st-pi)"]}