CVE-2026-24309

🔶 medium

Summary

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced system performance or interruptions. The vulnerability has low impact on the application's integrity and availability, with no effect on confidentiality.

CVSS Score

6.4

Medium

EPSS Score

0.1

Exploit Probability

Published Date

2026-03-10

First Seen: 2026-03-11

📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 40.9% of all 330,193 vulnerabilities in our database.

#195,162

Below average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: Mar 10, 2026

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2026-06-03

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

CWE IDs (Weakness Types)

CWE-862

📦 Affected Products 15

Vendor	Product	Status	Affected Versions
sap	netweaver_application_server_abap	Affected	v700
sap	netweaver_application_server_abap	Affected	v701
sap	netweaver_application_server_abap	Affected	v702
sap	netweaver_application_server_abap	Affected	v731
sap	netweaver_application_server_abap	Affected	v740
sap	netweaver_application_server_abap	Affected	v750
sap	netweaver_application_server_abap	Affected	v751
sap	netweaver_application_server_abap	Affected	v752
sap	netweaver_application_server_abap	Affected	v753
sap	netweaver_application_server_abap	Affected	v754
sap	netweaver_application_server_abap	Affected	v755
sap	netweaver_application_server_abap	Affected	v756
sap	netweaver_application_server_abap	Affected	v757
sap	netweaver_application_server_abap	Affected	v758
sap	netweaver_application_server_abap	Affected	v816

🔗 References 2

https://me.sap.com/notes/3703856

Permissions Required

https://url.sap/sapsecuritypatchday

Vendor Advisory

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-27680	ℹ️ low	3.1	0.0	Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inj...	2026-05-14
CVE-2026-27682	🔶 medium	4.7	0.0	Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based...	2026-05-12
CVE-2026-40135	🔶 medium	6.5	0.1	An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that all...	2026-05-12
CVE-2026-34257	🔶 medium	6.1	0.1	Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft ...	2026-04-14
CVE-2026-24310	ℹ️ low	3.5	0.0	Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute...	2026-03-10
CVE-2026-24316	🔶 medium	6.4	0.0	SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP reques...	2026-03-10

These CVEs affect the same products