CVE-2026-23681

4.3 MEDIUM

📋 TL;DR

This vulnerability in SAP Support Tools Plug-In allows authenticated users to access system configuration information without proper authorization checks. Attackers can gather reconnaissance data to plan further attacks. Only affects SAP systems with the vulnerable plug-in installed.

💻 Affected Systems

Products:
  • SAP Support Tools Plug-In
Versions: Specific versions not detailed in CVE; check SAP Note 3680416
Operating Systems: All platforms running SAP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires SAP Support Tools Plug-In installation and authenticated access

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker obtains detailed system configuration information, enabling targeted follow-on attacks against the SAP environment.

🟠 Likely Case

A malicious insider or a compromised account uses the vulnerability for reconnaissance, identifying weaknesses to exploit later.

🟢 If Mitigated

Information disclosure is limited to authorized users only, preventing unauthorized reconnaissance.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to the SAP system.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: See SAP Note 3680416 for specific patch details

Vendor Advisory: https://me.sap.com/notes/3680416

Restart Required: Yes

Instructions:

1. Review SAP Note 3680416
2. Apply the security patch from SAP
3. Restart affected SAP services

🔧 Temporary Workarounds

Restrict Function Module Access

Applies to: all

Implement authorization checks to restrict access to the vulnerable function modules:

  • Use SAP transaction SU24 to maintain the authorization objects checked for these function modules
  • Implement custom authorization checks in the affected function modules

🧯 If You Can't Patch

  • Implement strict access controls and monitoring for SAP Support Tools functions
  • Segment network to limit access to SAP systems from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check if SAP Support Tools Plug-In is installed and review authorization settings for function modules

Check Version:

Use SAP transaction SPAM to check component versions

Verify Fix Applied:

Verify patch installation via SAP Note 3680416 and test authorization controls

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to SAP Support Tools function modules
  • Multiple failed authorization attempts followed by successful access

Network Indicators:

  • Unusual SAP GUI or RFC connections accessing support tools

SIEM Query:

source="sap_audit_log" AND (event="function_module_call" AND module_name LIKE "%SUPPORT%")
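The two log indicators above can be combined into one detection: a successful call to a support function module that is preceded, within a short window, by several failed authorization attempts from the same user. The following is an added example, not part of the original advisory or of any SAP product; the key=value record layout, the field names and the Z_* module names are constructed assumptions standing in for whatever your SIEM actually ingests from the SAP audit log.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records in a simplified key=value layout; the field
# names and the Z_* module names are assumptions, not a real SAP log format.
SAMPLE_LOG = [
    "2026-01-10T09:00:01 user=JDOE event=function_module_call module=Z_PAYROLL_RUN result=OK",
    "2026-01-10T09:01:10 user=JDOE event=function_module_call module=Z_SUPPORT_CFG_READ result=AUTH_FAIL",
    "2026-01-10T09:02:15 user=JDOE event=function_module_call module=Z_SUPPORT_SYSINFO result=AUTH_FAIL",
    "2026-01-10T09:03:20 user=JDOE event=function_module_call module=Z_SUPPORT_CFG_READ result=AUTH_FAIL",
    "2026-01-10T09:04:05 user=JDOE event=function_module_call module=Z_SUPPORT_CFG_READ result=OK",
    "2026-01-10T09:10:00 user=ASMITH event=function_module_call module=Z_SUPPORT_SYSINFO result=AUTH_FAIL",
    "2026-01-10T09:10:30 user=ASMITH event=function_module_call module=Z_SUPPORT_SYSINFO result=OK",
    "2026-01-10T10:30:00 user=BLEE event=function_module_call module=Z_SUPPORT_CFG_READ result=AUTH_FAIL",
    "2026-01-10T10:31:00 user=BLEE event=function_module_call module=Z_SUPPORT_CFG_READ result=AUTH_FAIL",
    "2026-01-10T10:32:00 user=BLEE event=function_module_call module=Z_SUPPORT_CFG_READ result=AUTH_FAIL",
    "2026-01-10T10:50:00 user=BLEE event=function_module_call module=Z_SUPPORT_CFG_READ result=OK",
]

def parse_line(line):
    """Split 'timestamp k=v k=v ...' into a dict with a parsed datetime."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def is_support_call(rec):
    """Same filter as the SIEM query: function module calls whose name contains SUPPORT."""
    return rec.get("event") == "function_module_call" and "SUPPORT" in rec.get("module", "")

def detect_fail_then_success(lines, fail_threshold=3, window=timedelta(minutes=10)):
    """Flag a user whose successful support-module call is preceded, within
    `window`, by at least `fail_threshold` failed authorization attempts."""
    recent_fails = defaultdict(deque)   # user -> timestamps of recent AUTH_FAIL events
    findings = []
    for rec in sorted(map(parse_line, lines), key=lambda r: r["ts"]):
        if not is_support_call(rec):
            continue
        fails = recent_fails[rec["user"]]
        while fails and rec["ts"] - fails[0] > window:   # expire failures outside the window
            fails.popleft()
        if rec["result"] == "AUTH_FAIL":
            fails.append(rec["ts"])
        elif rec["result"] == "OK" and len(fails) >= fail_threshold:
            findings.append({"user": rec["user"], "module": rec["module"],
                             "failed_attempts": len(fails), "ts": rec["ts"].isoformat()})
            fails.clear()   # one alert per burst, not one per later success
    return findings
```

On the sample data only JDOE is flagged: ASMITH has a single failure, and BLEE's three failures fall outside the ten-minute window before the successful call, so the window and threshold are the knobs to tune against your own baseline of legitimate support-tool use.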
