CVE-2026-24309

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced sy...

medium 6.4 CVSS 3.1
Published: Mar 10, 2026
Modified: Jun 3, 2026
Vendor: Sap
Product: Netweaver Application Server Abap
Versions: 700,701,702,731,740,750,751,752,753,754

Description

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced system performance or interruptions. The vulnerability has low impact on the application's integrity and availability, with no effect on confidentiality.

References

Related CVEs

CVE-2026-40135 medium · 6.5
An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to
CVE-2026-27682 medium · 4.7
Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attacker coul
CVE-2026-27688 medium · 5.0
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a speci
CVE-2026-24310 low · 3.5
Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive inform
CVE-2026-24316 medium · 6.4
SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report i