CVE-2026-24328

Summary

SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim�s browser. This results in a low impact on confidentiality and integrity, with no impact on the availability of the application.

Affected Software

VendorProductVersion RangeStatus
SAP_SEBusiness Server Pages Application (TAF_APPLAUNCHER)ST-PI 2008_1_700affected
SAP_SEBusiness Server Pages Application (TAF_APPLAUNCHER)2008_1_710affected
SAP_SEBusiness Server Pages Application (TAF_APPLAUNCHER)740affected
SAP_SEBusiness Server Pages Application (TAF_APPLAUNCHER)758affected

Weaknesses

  • CWE-601: CWE-601: URL Redirection to Untrusted Site

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References