216.73.216.86

CVE-2026-0503

· Published 13/01/2026 02:15 · Modified 13/01/2026 14:03

Labels: CVE-2026-0503 2026-01-13CVE-2026-0503CWE-862[email protected]

Essential information

Published
13/01/2026 02:15
Modified
13/01/2026 14:03
Author
Creator
CVSS
6.4 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CVSS metrics

Description

Due to missing authorization check in the SAP ERP Central Component (SAP ECC) and SAP S/4HANA (SAP EHS Management), an attacker could extract hardcoded clear-text credentials and bypass the password authentication check by manipulating user parameters. Upon successful exploitation, the attacker can access, modify or delete certain change pointer information within EHS objects in the application which might further affect the subsequent systems. This vulnerability leads to a low impact on confidentiality and integrity of the application with no affect on the availability.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
sap / sap ecc cpe:2.3:a:sap:sap_ecc:*:*:*:*:*:*:*:*
sap / sap s/4hana cpe:2.3:a:sap:sap_s/4hana:*:*:*:*:*:*:*:*
sap / sap ehs management cpe:2.3:a:sap:sap_ehs_management:*:*:*:*:*:*:*:*

References