CVE-2026-0503

Name of the Vulnerable Software and Affected Versions SAP ERP Central Component (SAP ECC) and SAP S/4HANA (SAP EHS Management) (affected versions not specified)

Description A missing authorization check in SAP ERP Central Component (SAP ECC) and SAP S/4HANA (SAP EHS Management) allows an attacker to extract hardcoded clear-text credentials and bypass password authentication checks by manipulating user parameters. Successful exploitation enables an attacker to access, modify, or delete change pointer information within EHS objects, potentially impacting subsequent systems. This issue results in a low impact on the confidentiality and integrity of the application, with no impact on availability. The vulnerability involves manipulating user parameters.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.