HIGHCVE-2026-0506Published Modified CNA sap
CVE-2026-0506: Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform
Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines (FORMs) in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs and invoke system functionality exposed via FORMs, resulting in a high impact on integrity and availability, while confidentiality remains unaffected.
Metrics
- CVSS v3.1
- 8.1
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
Affected packages
- SAP_SE / SAP NetWeaver Application Server ABAP and ABAP PlatformSAP_BASIS 700 · SAP_BASIS 701 · SAP_BASIS 702 · SAP_BASIS 731 · SAP_BASIS 740 · SAP_BASIS 750
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HReferences