CVE-2026-24310

Published: Mar 10, 2026Modified: Jun 3, 2026

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database catalog of the ABAP system. This vulnerability has low impact on the application's confidentiality with no effect on the integrity and availability.

Affected (13)

Products: Sap: Netweaver Application Server Abap

Sap

1 product

Netweaver Application Server Abap

Configuration A

13 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver Application Server Abap	Version 702
Sap Netweaver Application Server Abap	Version 731
Sap Netweaver Application Server Abap	Version 740
Sap Netweaver Application Server Abap	Version 750
Sap Netweaver Application Server Abap	Version 751
Sap Netweaver Application Server Abap	Version 752
Sap Netweaver Application Server Abap	Version 753
Sap Netweaver Application Server Abap	Version 754
Sap Netweaver Application Server Abap	Version 755
Sap Netweaver Application Server Abap	Version 756
Sap Netweaver Application Server Abap	Version 757
Sap Netweaver Application Server Abap	Version 758
Sap Netweaver Application Server Abap	Version 816

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (2)

https://me.sap.com/notes/3694383

Source: cna@sap.com

Permissions Required

https://url.sap/sapsecuritypatchday

Source: cna@sap.com

Vendor Advisory

Timeline

No history available yet.