CVE-2026-24316
MEDIUM
SAP NetWeaver Application Server for ABAP - Server-Side Request Forgery via ABAP Test Report
Title source: llm
Description
SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows sending HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with potentially sensitive internal endpoints, resulting in a low impact on data confidentiality and integrity. There is no impact on availability of the application.
References (2)
Core References
Vendor Advisory
https://me.sap.com/notes/3689080
Vendor Advisory
https://url.sap/sapsecuritypatchday
Scores
CVSS v3
6.4
EPSS
0.0016
EPSS Percentile
5.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (11)
sap/netweaver_application_server_abap
740
sap/netweaver_application_server_abap
750
sap/netweaver_application_server_abap
752
sap/netweaver_application_server_abap
753
sap/netweaver_application_server_abap
754
sap/netweaver_application_server_abap
755
sap/netweaver_application_server_abap
756
sap/netweaver_application_server_abap
757
sap/netweaver_application_server_abap
758
sap/netweaver_application_server_abap
816
... and 1 more
Published
Mar 10, 2026
Tracked Since
Mar 11, 2026