SAP Customer Checkout: Local Data Modify Abuse via Insecure Reverse Protection
CVE-2026-24311 Published on March 10, 2026
Insecure Storage Protection vulnerability in SAP Customer Checkout 2.0
The SAP Customer Checkout application exhibits certain design characteristics that involve locally storing operational data using reversible protection mechanisms. Access to this data, combined with user?initiated interaction, may allow modifications to occur without validation. Such changes could affect system behaviour during startup, resulting in a high impact on the application's confidentiality and integrity, with a low impact on availability.
Vulnerability Analysis
CVE-2026-24311 can be exploited with physical access, requires user interaction and user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and a small impact on availability.
Weakness Type
Cleartext Storage of Sensitive Information
The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Because the information is stored in cleartext, attackers could potentially read it. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
Affected Versions
SAP_SE SAP Customer Checkout 2.0 Version SAP_CUSTOMER_CHECKOUT 2.0 is affected by CVE-2026-24311Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.