CVE-2022-26102
MEDIUM
SAP NetWeaver Application Server ABAP 700, 701, 702, 731 - Authenticated Missing Authorization Check
Title source: llm
Description
Due to a missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731 - allows an authenticated attacker to access content on the start screen of any transaction that is available within the same SAP system, even if he/she isn't authorized for that transaction. Successful exploitation could expose information and, in the worst case, manipulate data before the start screen is executed, resulting in limited impact on confidentiality and integrity of the application.
References (2)
Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/3145997
Vendor Advisory x_refsource_misc
https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10
Scores
CVSS v3
5.4
EPSS
0.0013
EPSS Percentile
31.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-862
Status
published
Products (4)
sap/netweaver_application_server_abap 700
sap/netweaver_application_server_abap 701
sap/netweaver_application_server_abap 702
sap/netweaver_application_server_abap 731
Published
Mar 10, 2022
Tracked Since
Feb 18, 2026