CVE-2026-44749
4.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts (e.g., regex patterns) and revealing underlying URI parsing logic. Leading to low impact on confidentiality. Integrity and availability are unaffected.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP Gateway | SAP_GWFND 750 | affected |
| SAP_SE | SAP Gateway | 751 | affected |
| SAP_SE | SAP Gateway | 752 | affected |
| SAP_SE | SAP Gateway | 753 | affected |
| SAP_SE | SAP Gateway | 754 | affected |
| SAP_SE | SAP Gateway | 755 | affected |
| SAP_SE | SAP Gateway | 756 | affected |
| SAP_SE | SAP Gateway | 757 | affected |
| SAP_SE | SAP Gateway | 758 | affected |
| SAP_SE | SAP Gateway | SAP_BASIS 795 | affected |
Weaknesses
- CWE-497: CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.