CVE-2026-34257

Summary

Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the application with no impact on availability.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 700affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 701affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 702affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 731affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 740affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 750affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 752affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 753affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 754affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 755affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 756affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 757affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 758affected
SAP_SESAP NetWeaver Application Server ABAPSAP_BASIS 816affected

Weaknesses

  • CWE-601: CWE-601: URL Redirection to Untrusted Site

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References