CVE-2026-0484

Published: Feb 10, 2026Modified: Feb 17, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: CNA

Description

Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the confidentiality and availability.

Affected (15)

Products: Sap: Sap Basis

Sap

1 product

Sap Basis

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Sap Sap Basis	Version 700
Sap Sap Basis	Version 701
Sap Sap Basis	Version 702
Sap Sap Basis	Version 731
Sap Sap Basis	Version 740
Sap Sap Basis	Version 750
Sap Sap Basis	Version 751
Sap Sap Basis	Version 752
Sap Sap Basis	Version 753
Sap Sap Basis	Version 754
Sap Sap Basis	Version 755
Sap Sap Basis	Version 756
Sap Sap Basis	Version 757
Sap Sap Basis	Version 758
Sap Sap Basis	Version 816

Related CWEs

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://me.sap.com/notes/3672622

Source: cna@sap.com

Permissions Required

https://url.sap/sapsecuritypatchday

Source: cna@sap.com

Vendor Advisory

Timeline

No history available yet.