CVE-2026-0484 PUBLISHED

Missing Authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA

Assigner: sap
Reserved: 09.12.2025 Published: 10.02.2026 Updated: 10.02.2026

Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the confidentiality and availability.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS Score: 6.5

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	SAP_SE
Product	SAP NetWeaver Application Server ABAP and SAP S/4HANA
Versions	Default: unaffected Version SAP_BASIS 700 is affected Version SAP_BASIS 701 is affected Version SAP_BASIS 702 is affected Version SAP_BASIS 731 is affected Version SAP_BASIS 740 is affected Version SAP_BASIS 750 is affected Version SAP_BASIS 751 is affected Version SAP_BASIS 752 is affected Version SAP_BASIS 753 is affected Version SAP_BASIS 754 is affected Version SAP_BASIS 755 is affected Version SAP_BASIS 756 is affected Version SAP_BASIS 757 is affected Version SAP_BASIS 758 is affected Version SAP_BASIS 816 is affected

CVE-2026-0484 PUBLISHED

Missing Authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA

Metrics

Product Status

References

Problem Types