CVE-2026-24316 | THREATINT

Description

SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with potentially sensitive internal endpoints, resulting in a low impact on data confidentiality and integrity. There is no impact on availability of the application.

PUBLISHED Reserved 2026-01-21 | Published 2026-03-10 | Updated 2026-03-10 | Assigner sap

MEDIUM: 6.4CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Problem types

CWE-918: Server-Side Request Forgery

Product status

Default status

unaffected

SAP_BASIS 740

affected

SAP_BASIS 750

affected

SAP_BASIS 751

affected

SAP_BASIS 752

affected

SAP_BASIS 753

affected

SAP_BASIS 754

affected

SAP_BASIS 755

affected

SAP_BASIS 756

affected

SAP_BASIS 757

affected

SAP_BASIS 758

affected

SAP_BASIS 816

affected

SAP_BASIS 918

affected

References

me.sap.com/notes/3689080

url.sap/sapsecuritypatchday

cve.org (CVE-2026-24316)

nvd.nist.gov (CVE-2026-24316)

Download JSON