cvedb.io
CVE-2026-24309
MEDIUM · CVSS 6.4
EPSS exploitation probability: 0%
Published 2026-03-10T17:35:54.963 · Last modified 2026-06-17T10:22:52.717

Summary

Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced system performance or interruptions. The vulnerability has low impact on the application's integrity and availability, with no effect on confidentiality.

Affected products

sap — netweaver_application_server_abap

Does this affect you?

Add your gear to cvedb and we'll alert you only when sap ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.