CVE-2026-0484

Summary

Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the confidentiality and availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver Application Server ABAP and SAP S/4HANASAP_BASIS 700affected
SAP_SESAP NetWeaver Application Server ABAP and SAP S/4HANASAP_BASIS 701affected
SAP_SESAP NetWeaver Application Server ABAP and SAP S/4HANASAP_BASIS 702affected
SAP_SESAP NetWeaver Application Server ABAP and SAP S/4HANASAP_BASIS 731affected
SAP_SESAP NetWeaver Application Server ABAP and SAP S/4HANASAP_BASIS 740affected
SAP_SESAP NetWeaver Application Server ABAP and SAP S/4HANASAP_BASIS 750affected
SAP_SESAP NetWeaver Application Server ABAP and SAP S/4HANASAP_BASIS 751affected
SAP_SESAP NetWeaver Application Server ABAP and SAP S/4HANASAP_BASIS 752affected
SAP_SESAP NetWeaver Application Server ABAP and SAP S/4HANASAP_BASIS 753affected
SAP_SESAP NetWeaver Application Server ABAP and SAP S/4HANASAP_BASIS 754affected
SAP_SESAP NetWeaver Application Server ABAP and SAP S/4HANASAP_BASIS 755affected
SAP_SESAP NetWeaver Application Server ABAP and SAP S/4HANASAP_BASIS 756affected
SAP_SESAP NetWeaver Application Server ABAP and SAP S/4HANASAP_BASIS 757affected
SAP_SESAP NetWeaver Application Server ABAP and SAP S/4HANASAP_BASIS 758affected
SAP_SESAP NetWeaver Application Server ABAP and SAP S/4HANASAP_BASIS 816affected

Weaknesses

  • CWE-601: CWE-601: URL Redirection to Untrusted Site

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References