CVE-2026-24311 MEDIUM

CVE-2026-24311: Insecure Storage Protection vulnerability in SAP Customer Checkout 2.0

Vendor Sap_Se
Product SAP Customer Checkout 2.0
Weakness CWE-312 · Cleartext storage
Published March 10, 2026
Last update March 10, 2026

CVSS base score

5.6/10
Attack vector Physical
Attack complexity High
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L

What the vulnerability does

01Description

The SAP Customer Checkout application exhibits certain design characteristics that involve locally storing operational data using reversible protection mechanisms. Access to this data, combined with user?initiated interaction, may allow modifications to occur without validation. Such changes could affect system behaviour during startup, resulting in a high impact on the application's confidentiality and integrity, with a low impact on availability.

Key dates

02Disclosure timeline

March 10, 2026 CVE published
March 10, 2026 Record updated