CVE-2026-24309 PUBLISHED

Missing Authorization check in SAP NetWeaver Application Server for ABAP

Assigner: sap
Reserved: 21.01.2026 Published: 10.03.2026 Updated: 10.03.2026

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced system performance or interruptions. The vulnerability has low impact on the application's integrity and availability, with no effect on confidentiality.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
CVSS Score: 6.4

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	Low	Integrity Impact	Low
User Interaction	None	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	SAP_SE
Product	SAP NetWeaver Application Server for ABAP
Versions	Default: unaffected Version SAP_BASIS 700 is affected Version SAP_BASIS 701 is affected Version SAP_BASIS 702 is affected Version SAP_BASIS 731 is affected Version SAP_BASIS 740 is affected Version SAP_BASIS 750 is affected Version SAP_BASIS 751 is affected Version SAP_BASIS 752 is affected Version SAP_BASIS 753 is affected Version SAP_BASIS 754 is affected Version SAP_BASIS 755 is affected Version SAP_BASIS 756 is affected Version SAP_BASIS 757 is affected Version SAP_BASIS 758 is affected Version SAP_BASIS 816 is affected

CVE-2026-24309 PUBLISHED

Missing Authorization check in SAP NetWeaver Application Server for ABAP

Metrics

Product Status

References

Problem Types