Security Advisory

CVE-2026-27679

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-14 00:07:44

Last updated 2026-04-14 13:14:18

Assigner sap

State PUBLISHED

Description

Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and availability are not impacted.

← Browse all CVEs View on cve.org ↗