CVE-2026-24315
4.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Summary
SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system causing low impact on Confidentiality and Integrity. Availability of the system is no impacted.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP Fiori (launchpad) | SAP_UI 754 | affected |
| SAP_SE | SAP Fiori (launchpad) | 755 | affected |
| SAP_SE | SAP Fiori (launchpad) | 756 | affected |
| SAP_SE | SAP Fiori (launchpad) | 757 | affected |
| SAP_SE | SAP Fiori (launchpad) | 758 | affected |
| SAP_SE | SAP Fiori (launchpad) | 816 | affected |
Weaknesses
- CWE-35: CWE-35: Path Traversal
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.