CVE-2026-24322
📋 TL;DR
SAP Solution Tools Plug-In (ST-PI) contains an authorization bypass vulnerability where authenticated users can access sensitive information without proper permission checks. This affects organizations using SAP ST-PI and compromises confidentiality of sensitive data. Only authenticated users can exploit this vulnerability.
💻 Affected Systems
- SAP Solution Tools Plug-In (ST-PI)
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers with authenticated access could exfiltrate sensitive business data, customer information, or system configuration details, leading to data breaches and regulatory violations.
Likely Case
Internal users or compromised accounts accessing unauthorized sensitive information, potentially leading to data leakage and privacy violations.
If Mitigated
With proper access controls and monitoring, impact is limited to authorized users only accessing data they're permitted to see.
🎯 Exploit Status
Exploitation requires authenticated access but is technically simple once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check SAP Note 3705882 for specific patch versions
Vendor Advisory: https://me.sap.com/notes/3705882
Restart Required: Yes
Instructions:
1. Review SAP Note 3705882 for affected versions and patches.
2. Apply the relevant SAP security patch.
3. Restart affected SAP systems.
4. Verify patch application through transaction SPAM/SAINT.
🔧 Temporary Workarounds
Restrict User Access
Limit user access to ST-PI function modules to only authorized personnel
Implement Additional Authorization Checks
Add custom authorization checks in affected function modules
🧯 If You Can't Patch
- Implement strict access controls and least privilege principles for all SAP users
- Enable detailed logging and monitoring of ST-PI function module access
🔍 How to Verify
Check if Vulnerable:
Check SAP Note 3705882 for affected versions and compare with your system version using transaction SPAM
Check Version:
Use transaction SPAM or SAINT to check installed SAP components and versions
Verify Fix Applied:
Verify patch application through transaction SPAM/SAINT and test authorization checks in affected function modules
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to ST-PI function modules
- Unusual data access patterns from authenticated users
Network Indicators:
- Unusual data transfers from SAP systems containing sensitive information
SIEM Query:
source="sap_audit_log" AND (event_type="authorization_failure" OR module="ST-PI") AND user!="SAP*"
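The following Python script is an added example, not part of the original advisory or of any SAP tooling. It implements the SIEM query above and the two log indicators (authorization failures, unusual ST-PI access volume) over constructed sample events. The key=value layout, the user names and the function-module names are placeholders chosen for the example, not the real SAP Security Audit Log format or real ST-PI function modules; the `user!="SAP*"` wildcard is read as "user name starts with SAP", which is an assumption about the query's intent.

```python
from collections import Counter

# Constructed sample events in a simplified key=value layout (not the real SAP
# Security Audit Log format). Field names mirror the SIEM query above; the
# function names are placeholders, not actual ST-PI function modules.
SAMPLE_LOG = """\
ts=2026-01-10T08:01:02 source=sap_audit_log user=JDOE event_type=rfc_call module=ST-PI function=EXAMPLE_FM_A result=ok
ts=2026-01-10T08:01:05 source=sap_audit_log user=SAP_SYSTEM event_type=rfc_call module=ST-PI function=EXAMPLE_FM_A result=ok
ts=2026-01-10T08:02:11 source=sap_audit_log user=JDOE event_type=authorization_failure module=ST-PI function=EXAMPLE_FM_B result=denied
ts=2026-01-10T08:03:00 source=sap_audit_log user=ASMITH event_type=rfc_call module=FI-GL function=EXAMPLE_FM_C result=ok
ts=2026-01-10T08:03:30 source=sap_audit_log user=JDOE event_type=rfc_call module=ST-PI function=EXAMPLE_FM_A result=ok
ts=2026-01-10T08:04:02 source=sap_audit_log user=ASMITH event_type=authorization_failure module=FI-GL function=EXAMPLE_FM_C result=denied
ts=2026-01-10T08:04:40 source=sap_audit_log user=JDOE event_type=rfc_call module=ST-PI function=EXAMPLE_FM_B result=ok
ts=2026-01-10T08:05:10 source=sap_audit_log user=BWEBB event_type=rfc_call module=ST-PI function=EXAMPLE_FM_A result=ok
"""


def parse_line(line: str) -> dict:
    """Split one key=value line into a dict (values contain no spaces here)."""
    return dict(token.split("=", 1) for token in line.split())


def matches_siem_query(event: dict) -> bool:
    """Python equivalent of the SIEM query above.

    source="sap_audit_log" AND (event_type="authorization_failure" OR module="ST-PI")
    AND user!="SAP*"  -- the wildcard is read as 'user name starts with SAP',
    i.e. SAP-delivered technical users are excluded (assumption).
    """
    return (
        event.get("source") == "sap_audit_log"
        and (event.get("event_type") == "authorization_failure" or event.get("module") == "ST-PI")
        and not event.get("user", "").startswith("SAP")
    )


def matching_events(log_text: str) -> list:
    """All parsed events the query would return (blank lines are skipped)."""
    return [ev for ev in map(parse_line, log_text.splitlines()) if ev and matches_siem_query(ev)]


def authorization_failures_per_user(events: list) -> Counter:
    """Log indicator 1: authorization failures per user, for triage of repeated denials."""
    return Counter(ev["user"] for ev in events if ev.get("event_type") == "authorization_failure")


def users_with_unusual_stpi_access(events: list, threshold: int) -> list:
    """Log indicator 2: users whose successful ST-PI calls exceed a baseline threshold."""
    successes = Counter(
        ev["user"] for ev in events if ev.get("module") == "ST-PI" and ev.get("result") == "ok"
    )
    return sorted(user for user, n in successes.items() if n > threshold)


if __name__ == "__main__":
    events = matching_events(SAMPLE_LOG)
    print(f"{len(events)} events match the query")
    print("authorization failures:", dict(authorization_failures_per_user(events)))
    print("users above ST-PI baseline:", users_with_unusual_stpi_access(events, threshold=2))
```

The threshold in `users_with_unusual_stpi_access` stands in for a per-user baseline; in practice it should be derived from normal ST-PI usage in your landscape (for example from the administrators and monitoring users who legitimately call these modules), otherwise the second indicator will either stay silent or flood the queue.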