CVE-2026-24310

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has low impact on the application's confidentiality with no effect on the integrity and availability.

CVSS v3 3.5 LOW

3.5^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://me.sap.com/notes/3694383	Permissions Required
https://url.sap/sapsecuritypatchday	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:netweaver_application_server_abap:702::::sap_basis:::
	cpe:2.3:a:sap:netweaver_application_server_abap:731::::sap_basis:::
	cpe:2.3:a:sap:netweaver_application_server_abap:740::::sap_basis:::
	cpe:2.3:a:sap:netweaver_application_server_abap:750::::sap_basis:::
	cpe:2.3:a:sap:netweaver_application_server_abap:751::::sap_basis:::
	cpe:2.3:a:sap:netweaver_application_server_abap:752::::sap_basis:::
	cpe:2.3:a:sap:netweaver_application_server_abap:753::::sap_basis:::
	cpe:2.3:a:sap:netweaver_application_server_abap:754::::sap_basis:::
	cpe:2.3:a:sap:netweaver_application_server_abap:755::::sap_basis:::
	cpe:2.3:a:sap:netweaver_application_server_abap:756::::sap_basis:::
	cpe:2.3:a:sap:netweaver_application_server_abap:757::::sap_basis:::
	cpe:2.3:a:sap:netweaver_application_server_abap:758::::sap_basis:::
	cpe:2.3:a:sap:netweaver_application_server_abap:816::::sap_basis:::

History

03 Jun 2026, 18:59

Type	Values Removed	Values Added
First Time		Sap netweaver Application Server Abap Sap
References	~~() https://me.sap.com/notes/3694383 -~~	() https://me.sap.com/notes/3694383 - Permissions Required
References	~~() https://url.sap/sapsecuritypatchday -~~	() https://url.sap/sapsecuritypatchday - Vendor Advisory
Summary		(es) Debido a la falta de verificación de autorización en el Servidor de aplicaciones SAP NetWeaver para ABAP, un atacante autenticado podría ejecutar un módulo de función ABAP específico y leer información sensible del catálogo de la base de datos del sistema ABAP. Esta vulnerabilidad tiene un bajo impacto en la confidencialidad de la aplicación, sin efecto en la integridad y disponibilidad.
CPE		cpe:2.3:a:sap:netweaver_application_server_abap:752::::sap_basis::: cpe:2.3:a:sap:netweaver_application_server_abap:750::::sap_basis::: cpe:2.3:a:sap:netweaver_application_server_abap:753::::sap_basis::: cpe:2.3:a:sap:netweaver_application_server_abap:751::::sap_basis::: cpe:2.3:a:sap:netweaver_application_server_abap:754::::sap_basis::: cpe:2.3:a:sap:netweaver_application_server_abap:758::::sap_basis::: cpe:2.3:a:sap:netweaver_application_server_abap:756::::sap_basis::: cpe:2.3:a:sap:netweaver_application_server_abap:731::::sap_basis::: cpe:2.3:a:sap:netweaver_application_server_abap:816::::sap_basis::: cpe:2.3:a:sap:netweaver_application_server_abap:755::::sap_basis::: cpe:2.3:a:sap:netweaver_application_server_abap:702::::sap_basis::: cpe:2.3:a:sap:netweaver_application_server_abap:757::::sap_basis::: cpe:2.3:a:sap:netweaver_application_server_abap:740::::sap_basis:::

10 Mar 2026, 17:35

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-10 17:35

Updated : 2026-06-03 18:59

NVD link : CVE-2026-24310

Mitre link : CVE-2026-24310

CVE.ORG link : CVE-2026-24310

JSON object : View

Products Affected

sap

netweaver_application_server_abap

CWE

CWE-862

Missing Authorization

3.5 /10