CVE-2026-24310 PUBLISHED

Missing Authorization check in SAP NetWeaver Application Server for ABAP

Assigner: sap
Reserved: 21.01.2026 Published: 10.03.2026 Updated: 10.03.2026

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has low impact on the application's confidentiality with no effect on the integrity and availability.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
CVSS Score: 3.5

Attack Vector	Network	Scope	Changed
Attack Complexity	High	Confidentiality Impact	Low
Privileges Required	Low	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	SAP_SE
Product	SAP NetWeaver Application Server for ABAP
Versions	Default: unaffected Version SAP_BASIS 702 is affected Version SAP_BASIS 731 is affected Version SAP_BASIS 740 is affected Version SAP_BASIS 750 is affected Version SAP_BASIS 751 is affected Version SAP_BASIS 752 is affected Version SAP_BASIS 753 is affected Version SAP_BASIS 754 is affected Version SAP_BASIS 755 is affected Version SAP_BASIS 756 is affected Version SAP_BASIS 757 is affected Version SAP_BASIS 758 is affected Version SAP_BASIS 816 is affected

CVE-2026-24310 PUBLISHED

Missing Authorization check in SAP NetWeaver Application Server for ABAP

Metrics

Product Status

References

Problem Types