Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    1140 vulnerabilities by SAP_SE

    CVE-2026-58233 (GCVE-0-2026-58233)

    Vulnerability from nvd – Published: 2026-07-14 00:21 – Updated: 2026-07-14 00:21
    VLAI
    Title
    Remote Code Execution vulnerability in SAP Change and Transport System Attach Tool (ctsattach)
    Summary
    SAP Change and Transport System Attach Tool (ctsattach) allows an authenticated attacker to supply a specially crafted archive file which, when processed by the application�s library, can trigger insecure deserialization and lead to remote code execution (RCE) on the system. Successful exploitation requires a victim to process the malicious archive, enabling the attacker to execute the RCE and extract sensitive information and gain control over the system and its processes. This vulnerability has a high impact on confidentiality and integrity of the data, with a low impact on the availability of the system.
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    sap
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Change and Transport System Attach Tool (ctsattach)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "CTS_UPLOAD_CLT 1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP Change and Transport System Attach Tool (ctsattach) allows an authenticated attacker to supply a specially crafted archive file which, when processed by the application\ufffds library, can trigger insecure deserialization and lead to remote code execution (RCE) on the system. Successful exploitation requires a victim to process the malicious archive, enabling the attacker to execute the RCE and extract sensitive information and gain control over the system and its processes. This vulnerability has a high impact on confidentiality and integrity of the data, with a low impact on the availability of the system.\u003c/p\u003e"
                }
              ],
              "value": "SAP Change and Transport System Attach Tool (ctsattach) allows an authenticated attacker to supply a specially crafted archive file which, when processed by the application\ufffds library, can trigger insecure deserialization and lead to remote code execution (RCE) on the system. Successful exploitation requires a victim to process the malicious archive, enabling the attacker to execute the RCE and extract sensitive information and gain control over the system and its processes. This vulnerability has a high impact on confidentiality and integrity of the data, with a low impact on the availability of the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:21:45.702Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3773304"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Remote Code Execution vulnerability in SAP Change and Transport System Attach Tool (ctsattach)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-58233",
        "datePublished": "2026-07-14T00:21:45.702Z",
        "dateReserved": "2026-06-29T19:34:28.222Z",
        "dateUpdated": "2026-07-14T00:21:45.702Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44771 (GCVE-0-2026-44771)

    Vulnerability from nvd – Published: 2026-07-14 00:21 – Updated: 2026-07-14 00:21
    VLAI
    Title
    Missing Authorization check in SAP S/4HANA (Draft operation)
    Summary
    SAP S/4HANA Draft operation does not perform necessary authorization checks for an authenticated user, a restricted user could access information within the entity resulting in escalation of privileges. This results in low impact on confidentiality, with no impact on integrity and availability of the application.
    CWE
    Assigner
    sap
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP S/4HANA (Draft operation)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4CORE 108"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP S/4HANA Draft operation does not perform necessary authorization checks for an authenticated user, a restricted user could access information within the entity resulting in escalation of privileges. This results in low impact on confidentiality, with no impact on integrity and availability of the application.\u003c/p\u003e"
                }
              ],
              "value": "SAP S/4HANA Draft operation does not perform necessary authorization checks for an authenticated user, a restricted user could access information within the entity resulting in escalation of privileges. This results in low impact on confidentiality, with no impact on integrity and availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:21:28.231Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3515598"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization check in SAP S/4HANA (Draft operation)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-44771",
        "datePublished": "2026-07-14T00:21:28.231Z",
        "dateReserved": "2026-05-07T18:39:44.147Z",
        "dateUpdated": "2026-07-14T00:21:28.231Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44770 (GCVE-0-2026-44770)

    Vulnerability from nvd – Published: 2026-07-14 00:21 – Updated: 2026-07-14 00:21
    VLAI
    Title
    Missing Authorization check in SAP S/4 HANA (Create Single Payment)
    Summary
    SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the application.
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP S/4 HANA (Create Single Payment) Affected: S4CORE 102
    Affected: 103
    Affected: 104
    Affected: 105
    Affected: 106
    Affected: 107
    Affected: 108
    Affected: 109
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP S/4 HANA (Create Single Payment)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4CORE 102"
                },
                {
                  "status": "affected",
                  "version": "103"
                },
                {
                  "status": "affected",
                  "version": "104"
                },
                {
                  "status": "affected",
                  "version": "105"
                },
                {
                  "status": "affected",
                  "version": "106"
                },
                {
                  "status": "affected",
                  "version": "107"
                },
                {
                  "status": "affected",
                  "version": "108"
                },
                {
                  "status": "affected",
                  "version": "109"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the application.\u003c/p\u003e"
                }
              ],
              "value": "SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:21:18.319Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3713902"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization check in SAP S/4 HANA (Create Single Payment)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-44770",
        "datePublished": "2026-07-14T00:21:18.319Z",
        "dateReserved": "2026-05-07T18:39:44.147Z",
        "dateUpdated": "2026-07-14T00:21:18.319Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44769 (GCVE-0-2026-44769)

    Vulnerability from nvd – Published: 2026-07-14 00:21 – Updated: 2026-07-14 00:21
    VLAI
    Title
    SQL Injection vulnerability in SAP S/4HANA Project Management (PPM-PRO)
    Summary
    SAP S/4HANA application Project Management (PPM-PRO) allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application.
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP S/4HANA Project Management (PPM-PRO) Affected: SAP_APPL 600
    Affected: 602
    Affected: 603
    Affected: 604
    Affected: 605
    Affected: 606
    Affected: 617
    Affected: 618
    Affected: S4CORE 102
    Affected: 103
    Affected: 104
    Affected: 105
    Affected: 106
    Affected: 107
    Affected: 108
    Affected: CPRXRPM 400
    Affected: 450_700
    Affected: 500_702
    Affected: 610_740
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP S/4HANA Project Management (PPM-PRO)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_APPL 600"
                },
                {
                  "status": "affected",
                  "version": "602"
                },
                {
                  "status": "affected",
                  "version": "603"
                },
                {
                  "status": "affected",
                  "version": "604"
                },
                {
                  "status": "affected",
                  "version": "605"
                },
                {
                  "status": "affected",
                  "version": "606"
                },
                {
                  "status": "affected",
                  "version": "617"
                },
                {
                  "status": "affected",
                  "version": "618"
                },
                {
                  "status": "affected",
                  "version": "S4CORE 102"
                },
                {
                  "status": "affected",
                  "version": "103"
                },
                {
                  "status": "affected",
                  "version": "104"
                },
                {
                  "status": "affected",
                  "version": "105"
                },
                {
                  "status": "affected",
                  "version": "106"
                },
                {
                  "status": "affected",
                  "version": "107"
                },
                {
                  "status": "affected",
                  "version": "108"
                },
                {
                  "status": "affected",
                  "version": "CPRXRPM 400"
                },
                {
                  "status": "affected",
                  "version": "450_700"
                },
                {
                  "status": "affected",
                  "version": "500_702"
                },
                {
                  "status": "affected",
                  "version": "610_740"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP S/4HANA application Project Management (PPM-PRO) allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application.\u003c/p\u003e"
                }
              ],
              "value": "SAP S/4HANA application Project Management (PPM-PRO) allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:21:07.573Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3537373"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SQL Injection vulnerability in SAP S/4HANA Project Management (PPM-PRO)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-44769",
        "datePublished": "2026-07-14T00:21:07.573Z",
        "dateReserved": "2026-05-07T18:39:44.147Z",
        "dateUpdated": "2026-07-14T00:21:07.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44768 (GCVE-0-2026-44768)

    Vulnerability from nvd – Published: 2026-07-14 00:20 – Updated: 2026-07-14 00:20
    VLAI
    Title
    Security misconfiguration in SAP CRM (WebClient UI)
    Summary
    SAP CRM WebClient UI allows an attacker to inject and execute malicious scripts in the context of the application due to the absence of a Content Security Policy (CSP) configuration for certain restrictive directives. This vulnerability has a low impact on the integrity of the application. Confidentiality and availability are not impacted.
    CWE
    • CWE-15 - External Control of System or Configuration Setting
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP CRM (WebClient UI) Affected: S4FND 104
    Affected: 105
    Affected: 106
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP CRM (WebClient UI)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4FND 104"
                },
                {
                  "status": "affected",
                  "version": "105"
                },
                {
                  "status": "affected",
                  "version": "106"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP CRM WebClient UI allows an attacker to inject and execute malicious scripts in the context of the application due to the absence of a Content Security Policy (CSP) configuration for certain restrictive directives. This vulnerability has a low impact on the integrity of the application. Confidentiality and availability are not impacted.\u003c/p\u003e"
                }
              ],
              "value": "SAP CRM WebClient UI allows an attacker to inject and execute malicious scripts in the context of the application due to the absence of a Content Security Policy (CSP) configuration for certain restrictive directives. This vulnerability has a low impact on the integrity of the application. Confidentiality and availability are not impacted."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-15",
                  "description": "CWE-15: External Control of System or Configuration Setting",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:20:48.083Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3155685"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Security misconfiguration in SAP CRM (WebClient UI)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-44768",
        "datePublished": "2026-07-14T00:20:48.083Z",
        "dateReserved": "2026-05-07T18:39:44.147Z",
        "dateUpdated": "2026-07-14T00:20:48.083Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44767 (GCVE-0-2026-44767)

    Vulnerability from nvd – Published: 2026-07-14 00:22 – Updated: 2026-07-14 06:48
    VLAI
    Title
    Allowlist Bypass in setThemeRoot() Enables Cross-Origin CSS Injection
    Summary
    setThemeRoot() failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a <link rel=stylesheet> element, even when no <meta name=sap-allowed-theme-origins> tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL parameter.Exploitation requires attacker-influenced input (e.g., a URL query parameter, tenant configuration, or user-supplied setting) to reach setThemeRoot(). A successful exploit allows an attacker to inject arbitrary CSS into the victim page, enabling:- UI redressing and clickjacking- Phishing overlays- Visual defacement- Limited data exfiltration via CSS attribute selectors targeting predictable DOM content
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE @ui5/webcomponents-base Affected: @ui5/webcomponents-base < 2.21.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "@ui5/webcomponents-base",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "@ui5/webcomponents-base \u003c 2.21.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003esetThemeRoot() failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a \u0026lt;link rel=stylesheet\u0026gt; element, even when no \u0026lt;meta name=sap-allowed-theme-origins\u0026gt; tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL parameter.Exploitation requires attacker-influenced input (e.g., a URL query parameter, tenant configuration, or user-supplied setting) to reach setThemeRoot(). A successful exploit allows an attacker to inject arbitrary CSS into the victim page, enabling:- UI redressing and clickjacking- Phishing overlays- Visual defacement- Limited data exfiltration via CSS attribute selectors targeting predictable DOM content\u003c/p\u003e"
                }
              ],
              "value": "setThemeRoot() failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a \u003clink rel=stylesheet\u003e element, even when no \u003cmeta name=sap-allowed-theme-origins\u003e tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL parameter.Exploitation requires attacker-influenced input (e.g., a URL query parameter, tenant configuration, or user-supplied setting) to reach setThemeRoot(). A successful exploit allows an attacker to inject arbitrary CSS into the victim page, enabling:- UI redressing and clickjacking- Phishing overlays- Visual defacement- Limited data exfiltration via CSS attribute selectors targeting predictable DOM content"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T06:48:31.541Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://github.com/UI5/webcomponents/security/advisories/GHSA-p8gx-753q-v89p"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Allowlist Bypass in setThemeRoot() Enables Cross-Origin CSS Injection",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-44767",
        "datePublished": "2026-07-14T00:22:05.306Z",
        "dateReserved": "2026-05-07T18:39:44.147Z",
        "dateUpdated": "2026-07-14T06:48:31.541Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44761 (GCVE-0-2026-44761)

    Vulnerability from nvd – Published: 2026-07-14 00:20 – Updated: 2026-07-14 00:20
    VLAI
    Title
    Insecure Sample Credentials in SAP Commerce Cloud
    Summary
    SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token and invoke certain APIs to read and modify data. Successful exploitation results in high impact on confidentiality and integrity, with no impact on availability.
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Commerce Cloud Affected: HY_COM 2205
    Affected: COM_CLOUD 2211
    Affected: 2211-JDK21
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Commerce Cloud",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "HY_COM 2205"
                },
                {
                  "status": "affected",
                  "version": "COM_CLOUD 2211"
                },
                {
                  "status": "affected",
                  "version": "2211-JDK21"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token and invoke certain APIs to read and modify data. Successful exploitation results in high impact on confidentiality and integrity, with no impact on availability.\u003c/p\u003e"
                }
              ],
              "value": "SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token and invoke certain APIs to read and modify data. Successful exploitation results in high impact on confidentiality and integrity, with no impact on availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1392",
                  "description": "CWE-1392: Use of Default Credentials",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:20:29.454Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3753495"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insecure Sample Credentials in SAP Commerce Cloud",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-44761",
        "datePublished": "2026-07-14T00:20:29.454Z",
        "dateReserved": "2026-05-07T18:31:04.067Z",
        "dateUpdated": "2026-07-14T00:20:29.454Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44760 (GCVE-0-2026-44760)

    Vulnerability from nvd – Published: 2026-07-14 00:20 – Updated: 2026-07-14 00:20
    VLAI
    Title
    Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on Business Server Pages)
    Summary
    Due to a Cross-Site Scripting (XSS) vulnerability, applications based on Business Server Pages framework in SAP NetWeaver Application Server ABAP reflects unsanitized input into the HTTP response which allows an attacker to inject and execute arbitrary JavaScript code under certain conditions. Successful exploitation could allow the attacker to steal session information, perform authenticated actions on behalf of the victim user etc. This vulnerability has low impact on confidentiality and integrity of the data and no impact on application 's availability.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver Application Server ABAP (applications based on Business Server Pages) Affected: SAP_BASIS 700
    Affected: SAP_BASIS 701
    Affected: SAP_BASIS 702
    Affected: SAP_BASIS 731
    Affected: SAP_BASIS 740
    Affected: SAP_BASIS 750
    Affected: SAP_BASIS 751
    Affected: SAP_BASIS 752
    Affected: SAP_BASIS 753
    Affected: SAP_BASIS 754
    Affected: SAP_BASIS 755
    Affected: SAP_BASIS 756
    Affected: SAP_BASIS 757
    Affected: SAP_BASIS 758
    Affected: SAP_BASIS 816
    Affected: SAP_BASIS 918
    Affected: SAP_BASIS 919
    Affected: SAP_BASIS 920
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server ABAP (applications based on Business Server Pages)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BASIS 700"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 701"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 758"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 816"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 918"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 919"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 920"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to a Cross-Site Scripting (XSS) vulnerability, applications based on Business Server Pages framework in SAP NetWeaver Application Server ABAP reflects unsanitized input into the HTTP response which allows an attacker to inject and execute arbitrary JavaScript code under certain conditions. Successful exploitation could allow the attacker to steal session information, perform authenticated actions on behalf of the victim user etc. This vulnerability has low impact on confidentiality and integrity of the data and no impact on application \u0027s availability.\u003c/p\u003e"
                }
              ],
              "value": "Due to a Cross-Site Scripting (XSS) vulnerability, applications based on Business Server Pages framework in SAP NetWeaver Application Server ABAP reflects unsanitized input into the HTTP response which allows an attacker to inject and execute arbitrary JavaScript code under certain conditions. Successful exploitation could allow the attacker to steal session information, perform authenticated actions on behalf of the victim user etc. This vulnerability has low impact on confidentiality and integrity of the data and no impact on application \u0027s availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:20:19.533Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3754659"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on Business Server Pages)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-44760",
        "datePublished": "2026-07-14T00:20:19.533Z",
        "dateReserved": "2026-05-07T18:31:04.067Z",
        "dateUpdated": "2026-07-14T00:20:19.533Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44759 (GCVE-0-2026-44759)

    Vulnerability from nvd – Published: 2026-07-14 00:20 – Updated: 2026-07-14 00:20
    VLAI
    Title
    Cross Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal
    Summary
    SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal content, or user redirection, resulting in a low impact on the application's confidentiality and integrity, with no impact on availability.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation
    Assigner
    sap
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Enterprise Portal",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "EP-RUNTIME 7.50"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user\u0027s browser when the crafted URL is visited, leading to theft of session information, manipulation of portal content, or user redirection, resulting in a low impact on the application\u0027s confidentiality and integrity, with no impact on availability.\u003c/p\u003e"
                }
              ],
              "value": "SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user\u0027s browser when the crafted URL is visited, leading to theft of session information, manipulation of portal content, or user redirection, resulting in a low impact on the application\u0027s confidentiality and integrity, with no impact on availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:20:09.899Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3746678"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-44759",
        "datePublished": "2026-07-14T00:20:09.899Z",
        "dateReserved": "2026-05-07T18:31:04.067Z",
        "dateUpdated": "2026-07-14T00:20:09.899Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44753 (GCVE-0-2026-44753)

    Vulnerability from nvd – Published: 2026-07-14 00:19 – Updated: 2026-07-14 00:19
    VLAI
    Title
    Information Disclosure vulnerability in SAP HANA Extended Application Services classic model (User Self Service)
    Summary
    SAP HANA Database (user self service tools) allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and email addresses. Successful exploitation could allow the attacker to enumerate valid user accounts, resulting in low impact on confidentiality, with no impact on integrity and availability of the application.
    CWE
    • CWE-204 - Observable Response Discrepancy
    Assigner
    sap
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP HANA Extended Application Services classic model (User Self Service)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "HDB 2.00"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP HANA Database (user self service tools) allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and email addresses. Successful exploitation could allow the attacker to enumerate valid user accounts, resulting in low impact on confidentiality, with no impact on integrity and availability of the application.\u003c/p\u003e"
                }
              ],
              "value": "SAP HANA Database (user self service tools) allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and email addresses. Successful exploitation could allow the attacker to enumerate valid user accounts, resulting in low impact on confidentiality, with no impact on integrity and availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204: Observable Response Discrepancy",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:19:58.321Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3732522"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure vulnerability in SAP HANA Extended Application Services classic model (User Self Service)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-44753",
        "datePublished": "2026-07-14T00:19:58.321Z",
        "dateReserved": "2026-05-07T18:31:04.066Z",
        "dateUpdated": "2026-07-14T00:19:58.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44752 (GCVE-0-2026-44752)

    Vulnerability from nvd – Published: 2026-07-14 00:19 – Updated: 2026-07-14 00:19
    VLAI
    Title
    Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java(Configuration Wizard)
    Summary
    SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's browser, allowing the attacker to access sensitive session information and modify non-sensitive data displayed in the client�s browser. This results in a high impact on confidentiality, low impact on integrity with no impact on availability of the application.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation
    Assigner
    sap
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server Java(Configuration Wizard)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "LMCTC 7.50"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user\u0027s browser, allowing the attacker to access sensitive session information and modify non-sensitive data displayed in the client\ufffds browser. This results in a high impact on confidentiality, low impact on integrity with no impact on availability of the application.\u003c/p\u003e"
                }
              ],
              "value": "SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user\u0027s browser, allowing the attacker to access sensitive session information and modify non-sensitive data displayed in the client\ufffds browser. This results in a high impact on confidentiality, low impact on integrity with no impact on availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:19:45.308Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3748227"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java(Configuration Wizard)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-44752",
        "datePublished": "2026-07-14T00:19:45.308Z",
        "dateReserved": "2026-05-07T18:16:34.195Z",
        "dateUpdated": "2026-07-14T00:19:45.308Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44747 (GCVE-0-2026-44747)

    Vulnerability from nvd – Published: 2026-07-14 00:19 – Updated: 2026-07-14 00:19
    VLAI
    Title
    Memory Corruption vulnerability in SAP NetWeaver Application Server ABAP
    Summary
    SAP NetWeaver Application Server ABAP allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability. This has high impact on confidentiality, integrity, and availability of the application.
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver Application Server ABAP Affected: KRNL64NUC 7.22
    Affected: 7.22EXT
    Affected: KRNL64UC 7.22
    Affected: 7.53
    Affected: KERNEL 7.22
    Affected: 7.53. 7.54
    Affected: 7.77
    Affected: 7.89
    Affected: 7.93
    Affected: 9.16
    Affected: 9.18
    Affected: 9.19
    Affected: 9.20
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server ABAP",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.53. 7.54"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.89"
                },
                {
                  "status": "affected",
                  "version": "7.93"
                },
                {
                  "status": "affected",
                  "version": "9.16"
                },
                {
                  "status": "affected",
                  "version": "9.18"
                },
                {
                  "status": "affected",
                  "version": "9.19"
                },
                {
                  "status": "affected",
                  "version": "9.20"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP NetWeaver Application Server ABAP allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability. This has high impact on confidentiality, integrity, and availability of the application.\u003c/p\u003e"
                }
              ],
              "value": "SAP NetWeaver Application Server ABAP allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability. This has high impact on confidentiality, integrity, and availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:19:33.450Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3747367"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Memory Corruption vulnerability in SAP NetWeaver Application Server ABAP",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-44747",
        "datePublished": "2026-07-14T00:19:33.450Z",
        "dateReserved": "2026-05-07T18:16:34.195Z",
        "dateUpdated": "2026-07-14T00:19:33.450Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44745 (GCVE-0-2026-44745)

    Vulnerability from nvd – Published: 2026-07-14 00:18 – Updated: 2026-07-14 00:18
    VLAI
    Title
    Open Redirect vulnerability in SAP Approuter
    Summary
    SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link which, when clicked by a victim, could lead to unauthorized access. Successful exploitation results in a high impact to the confidentiality and integrity with no impact on the availability of the application.
    CWE
    • CWE-601 - URL Redirection to Untrusted Site
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Approuter Affected: SAP Approuter node.js package < 21.2.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Approuter",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP Approuter node.js package \u003c 21.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link which, when clicked by a victim, could lead to unauthorized access. Successful exploitation results in a high impact to the confidentiality and integrity with no impact on the availability of the application.\u003c/p\u003e"
                }
              ],
              "value": "SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link which, when clicked by a victim, could lead to unauthorized access. Successful exploitation results in a high impact to the confidentiality and integrity with no impact on the availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601: URL Redirection to Untrusted Site",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:18:16.089Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3741519"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open Redirect vulnerability in SAP Approuter",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-44745",
        "datePublished": "2026-07-14T00:18:16.089Z",
        "dateReserved": "2026-05-07T18:16:34.195Z",
        "dateUpdated": "2026-07-14T00:18:16.089Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27690 (GCVE-0-2026-27690)

    Vulnerability from nvd – Published: 2026-07-14 00:17 – Updated: 2026-07-14 00:17
    VLAI
    Title
    HTTP Request Smuggling in SAP Approuter
    Summary
    Due to an HTTP Request Smuggling vulnerability in SAP Approuter, an unauthenticated attacker could send a specially crafted HTTP request that leads to request-response desynchronization. This could result in the exposure of user responses and cause the system to become unavailable. This leads to a high impact on confidentiality and availability.
    CWE
    • CWE-444 - Inconsistent Interpretation of HTTP Requests
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Approuter Affected: SAP Approuter node.js package < 20.10.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Approuter",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP Approuter node.js package \u003c 20.10.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to an HTTP Request Smuggling vulnerability in SAP Approuter, an unauthenticated attacker could send a specially crafted HTTP request that leads to request-response desynchronization. This could result in the exposure of user responses and cause the system to become unavailable. This leads to a high impact on confidentiality and availability.\u003c/p\u003e"
                }
              ],
              "value": "Due to an HTTP Request Smuggling vulnerability in SAP Approuter, an unauthenticated attacker could send a specially crafted HTTP request that leads to request-response desynchronization. This could result in the exposure of user responses and cause the system to become unavailable. This leads to a high impact on confidentiality and availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-444",
                  "description": "CWE-444: Inconsistent Interpretation of HTTP Requests",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:17:55.003Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3720138"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HTTP Request Smuggling in SAP Approuter",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-27690",
        "datePublished": "2026-07-14T00:17:55.003Z",
        "dateReserved": "2026-02-23T17:50:17.028Z",
        "dateUpdated": "2026-07-14T00:17:55.003Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0487 (GCVE-0-2026-0487)

    Vulnerability from nvd – Published: 2026-07-14 00:17 – Updated: 2026-07-14 00:17
    VLAI
    Title
    DLL Hijacking vulnerability in SAProuter on Microsoft Windows
    Summary
    SAProuter on Microsoft Windows allows an unauthenticated attacker to load library (DLL) files from an untrusted location, allowing them to execute malicious code on the system. This could enable the attacker to hijack the DLL loading process and achieve arbitrary code execution. This has high impact on confidentiality, integrity and availability of the system.
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAProuter on Microsoft Windows Affected: KRNL64NUC 7.22
    Affected: 7.22EXT
    Affected: KRNL64UC 7.22
    Affected: 7.53
    Affected: SAP_ROUTER 7.53
    Affected: 7.54
    Affected: KERNEL 7.22
    Affected: 7.77
    Affected: 7.89
    Affected: 7.93
    Affected: 9.16
    Affected: 9.17
    Affected: 9.18
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAProuter on Microsoft Windows",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "SAP_ROUTER 7.53"
                },
                {
                  "status": "affected",
                  "version": "7.54"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.89"
                },
                {
                  "status": "affected",
                  "version": "7.93"
                },
                {
                  "status": "affected",
                  "version": "9.16"
                },
                {
                  "status": "affected",
                  "version": "9.17"
                },
                {
                  "status": "affected",
                  "version": "9.18"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAProuter on Microsoft Windows allows an unauthenticated attacker to load library (DLL) files from an untrusted location, allowing them to execute malicious code on the system. This could enable the attacker to hijack the DLL loading process and achieve arbitrary code execution. This has high impact on confidentiality, integrity and availability of the system.\u003c/p\u003e"
                }
              ],
              "value": "SAProuter on Microsoft Windows allows an unauthenticated attacker to load library (DLL) files from an untrusted location, allowing them to execute malicious code on the system. This could enable the attacker to hijack the DLL loading process and achieve arbitrary code execution. This has high impact on confidentiality, integrity and availability of the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:17:37.478Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3692165"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "DLL Hijacking vulnerability in SAProuter on Microsoft Windows",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-0487",
        "datePublished": "2026-07-14T00:17:37.478Z",
        "dateReserved": "2025-12-09T22:06:31.239Z",
        "dateUpdated": "2026-07-14T00:17:37.478Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44767 (GCVE-0-2026-44767)

    Vulnerability from cvelistv5 – Published: 2026-07-14 00:22 – Updated: 2026-07-14 06:48
    VLAI
    Title
    Allowlist Bypass in setThemeRoot() Enables Cross-Origin CSS Injection
    Summary
    setThemeRoot() failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a <link rel=stylesheet> element, even when no <meta name=sap-allowed-theme-origins> tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL parameter.Exploitation requires attacker-influenced input (e.g., a URL query parameter, tenant configuration, or user-supplied setting) to reach setThemeRoot(). A successful exploit allows an attacker to inject arbitrary CSS into the victim page, enabling:- UI redressing and clickjacking- Phishing overlays- Visual defacement- Limited data exfiltration via CSS attribute selectors targeting predictable DOM content
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE @ui5/webcomponents-base Affected: @ui5/webcomponents-base < 2.21.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "@ui5/webcomponents-base",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "@ui5/webcomponents-base \u003c 2.21.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003esetThemeRoot() failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a \u0026lt;link rel=stylesheet\u0026gt; element, even when no \u0026lt;meta name=sap-allowed-theme-origins\u0026gt; tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL parameter.Exploitation requires attacker-influenced input (e.g., a URL query parameter, tenant configuration, or user-supplied setting) to reach setThemeRoot(). A successful exploit allows an attacker to inject arbitrary CSS into the victim page, enabling:- UI redressing and clickjacking- Phishing overlays- Visual defacement- Limited data exfiltration via CSS attribute selectors targeting predictable DOM content\u003c/p\u003e"
                }
              ],
              "value": "setThemeRoot() failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a \u003clink rel=stylesheet\u003e element, even when no \u003cmeta name=sap-allowed-theme-origins\u003e tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL parameter.Exploitation requires attacker-influenced input (e.g., a URL query parameter, tenant configuration, or user-supplied setting) to reach setThemeRoot(). A successful exploit allows an attacker to inject arbitrary CSS into the victim page, enabling:- UI redressing and clickjacking- Phishing overlays- Visual defacement- Limited data exfiltration via CSS attribute selectors targeting predictable DOM content"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T06:48:31.541Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://github.com/UI5/webcomponents/security/advisories/GHSA-p8gx-753q-v89p"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Allowlist Bypass in setThemeRoot() Enables Cross-Origin CSS Injection",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-44767",
        "datePublished": "2026-07-14T00:22:05.306Z",
        "dateReserved": "2026-05-07T18:39:44.147Z",
        "dateUpdated": "2026-07-14T06:48:31.541Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-58233 (GCVE-0-2026-58233)

    Vulnerability from cvelistv5 – Published: 2026-07-14 00:21 – Updated: 2026-07-14 00:21
    VLAI
    Title
    Remote Code Execution vulnerability in SAP Change and Transport System Attach Tool (ctsattach)
    Summary
    SAP Change and Transport System Attach Tool (ctsattach) allows an authenticated attacker to supply a specially crafted archive file which, when processed by the application�s library, can trigger insecure deserialization and lead to remote code execution (RCE) on the system. Successful exploitation requires a victim to process the malicious archive, enabling the attacker to execute the RCE and extract sensitive information and gain control over the system and its processes. This vulnerability has a high impact on confidentiality and integrity of the data, with a low impact on the availability of the system.
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    sap
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Change and Transport System Attach Tool (ctsattach)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "CTS_UPLOAD_CLT 1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP Change and Transport System Attach Tool (ctsattach) allows an authenticated attacker to supply a specially crafted archive file which, when processed by the application\ufffds library, can trigger insecure deserialization and lead to remote code execution (RCE) on the system. Successful exploitation requires a victim to process the malicious archive, enabling the attacker to execute the RCE and extract sensitive information and gain control over the system and its processes. This vulnerability has a high impact on confidentiality and integrity of the data, with a low impact on the availability of the system.\u003c/p\u003e"
                }
              ],
              "value": "SAP Change and Transport System Attach Tool (ctsattach) allows an authenticated attacker to supply a specially crafted archive file which, when processed by the application\ufffds library, can trigger insecure deserialization and lead to remote code execution (RCE) on the system. Successful exploitation requires a victim to process the malicious archive, enabling the attacker to execute the RCE and extract sensitive information and gain control over the system and its processes. This vulnerability has a high impact on confidentiality and integrity of the data, with a low impact on the availability of the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502: Deserialization of Untrusted Data",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:21:45.702Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3773304"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Remote Code Execution vulnerability in SAP Change and Transport System Attach Tool (ctsattach)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-58233",
        "datePublished": "2026-07-14T00:21:45.702Z",
        "dateReserved": "2026-06-29T19:34:28.222Z",
        "dateUpdated": "2026-07-14T00:21:45.702Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44771 (GCVE-0-2026-44771)

    Vulnerability from cvelistv5 – Published: 2026-07-14 00:21 – Updated: 2026-07-14 00:21
    VLAI
    Title
    Missing Authorization check in SAP S/4HANA (Draft operation)
    Summary
    SAP S/4HANA Draft operation does not perform necessary authorization checks for an authenticated user, a restricted user could access information within the entity resulting in escalation of privileges. This results in low impact on confidentiality, with no impact on integrity and availability of the application.
    CWE
    Assigner
    sap
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP S/4HANA (Draft operation)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4CORE 108"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP S/4HANA Draft operation does not perform necessary authorization checks for an authenticated user, a restricted user could access information within the entity resulting in escalation of privileges. This results in low impact on confidentiality, with no impact on integrity and availability of the application.\u003c/p\u003e"
                }
              ],
              "value": "SAP S/4HANA Draft operation does not perform necessary authorization checks for an authenticated user, a restricted user could access information within the entity resulting in escalation of privileges. This results in low impact on confidentiality, with no impact on integrity and availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:21:28.231Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3515598"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization check in SAP S/4HANA (Draft operation)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-44771",
        "datePublished": "2026-07-14T00:21:28.231Z",
        "dateReserved": "2026-05-07T18:39:44.147Z",
        "dateUpdated": "2026-07-14T00:21:28.231Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44770 (GCVE-0-2026-44770)

    Vulnerability from cvelistv5 – Published: 2026-07-14 00:21 – Updated: 2026-07-14 00:21
    VLAI
    Title
    Missing Authorization check in SAP S/4 HANA (Create Single Payment)
    Summary
    SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the application.
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP S/4 HANA (Create Single Payment) Affected: S4CORE 102
    Affected: 103
    Affected: 104
    Affected: 105
    Affected: 106
    Affected: 107
    Affected: 108
    Affected: 109
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP S/4 HANA (Create Single Payment)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4CORE 102"
                },
                {
                  "status": "affected",
                  "version": "103"
                },
                {
                  "status": "affected",
                  "version": "104"
                },
                {
                  "status": "affected",
                  "version": "105"
                },
                {
                  "status": "affected",
                  "version": "106"
                },
                {
                  "status": "affected",
                  "version": "107"
                },
                {
                  "status": "affected",
                  "version": "108"
                },
                {
                  "status": "affected",
                  "version": "109"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the application.\u003c/p\u003e"
                }
              ],
              "value": "SAP Create Single Payment does not perform necessary authorization checks for an authenticated user, a restricted user could access specific entity set keys resulting in disclosure of information. This has low impact on confidentiality, with no impact on integrity and availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:21:18.319Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3713902"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing Authorization check in SAP S/4 HANA (Create Single Payment)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-44770",
        "datePublished": "2026-07-14T00:21:18.319Z",
        "dateReserved": "2026-05-07T18:39:44.147Z",
        "dateUpdated": "2026-07-14T00:21:18.319Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44769 (GCVE-0-2026-44769)

    Vulnerability from cvelistv5 – Published: 2026-07-14 00:21 – Updated: 2026-07-14 00:21
    VLAI
    Title
    SQL Injection vulnerability in SAP S/4HANA Project Management (PPM-PRO)
    Summary
    SAP S/4HANA application Project Management (PPM-PRO) allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application.
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP S/4HANA Project Management (PPM-PRO) Affected: SAP_APPL 600
    Affected: 602
    Affected: 603
    Affected: 604
    Affected: 605
    Affected: 606
    Affected: 617
    Affected: 618
    Affected: S4CORE 102
    Affected: 103
    Affected: 104
    Affected: 105
    Affected: 106
    Affected: 107
    Affected: 108
    Affected: CPRXRPM 400
    Affected: 450_700
    Affected: 500_702
    Affected: 610_740
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP S/4HANA Project Management (PPM-PRO)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_APPL 600"
                },
                {
                  "status": "affected",
                  "version": "602"
                },
                {
                  "status": "affected",
                  "version": "603"
                },
                {
                  "status": "affected",
                  "version": "604"
                },
                {
                  "status": "affected",
                  "version": "605"
                },
                {
                  "status": "affected",
                  "version": "606"
                },
                {
                  "status": "affected",
                  "version": "617"
                },
                {
                  "status": "affected",
                  "version": "618"
                },
                {
                  "status": "affected",
                  "version": "S4CORE 102"
                },
                {
                  "status": "affected",
                  "version": "103"
                },
                {
                  "status": "affected",
                  "version": "104"
                },
                {
                  "status": "affected",
                  "version": "105"
                },
                {
                  "status": "affected",
                  "version": "106"
                },
                {
                  "status": "affected",
                  "version": "107"
                },
                {
                  "status": "affected",
                  "version": "108"
                },
                {
                  "status": "affected",
                  "version": "CPRXRPM 400"
                },
                {
                  "status": "affected",
                  "version": "450_700"
                },
                {
                  "status": "affected",
                  "version": "500_702"
                },
                {
                  "status": "affected",
                  "version": "610_740"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP S/4HANA application Project Management (PPM-PRO) allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application.\u003c/p\u003e"
                }
              ],
              "value": "SAP S/4HANA application Project Management (PPM-PRO) allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:21:07.573Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3537373"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "SQL Injection vulnerability in SAP S/4HANA Project Management (PPM-PRO)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-44769",
        "datePublished": "2026-07-14T00:21:07.573Z",
        "dateReserved": "2026-05-07T18:39:44.147Z",
        "dateUpdated": "2026-07-14T00:21:07.573Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44768 (GCVE-0-2026-44768)

    Vulnerability from cvelistv5 – Published: 2026-07-14 00:20 – Updated: 2026-07-14 00:20
    VLAI
    Title
    Security misconfiguration in SAP CRM (WebClient UI)
    Summary
    SAP CRM WebClient UI allows an attacker to inject and execute malicious scripts in the context of the application due to the absence of a Content Security Policy (CSP) configuration for certain restrictive directives. This vulnerability has a low impact on the integrity of the application. Confidentiality and availability are not impacted.
    CWE
    • CWE-15 - External Control of System or Configuration Setting
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP CRM (WebClient UI) Affected: S4FND 104
    Affected: 105
    Affected: 106
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP CRM (WebClient UI)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "S4FND 104"
                },
                {
                  "status": "affected",
                  "version": "105"
                },
                {
                  "status": "affected",
                  "version": "106"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP CRM WebClient UI allows an attacker to inject and execute malicious scripts in the context of the application due to the absence of a Content Security Policy (CSP) configuration for certain restrictive directives. This vulnerability has a low impact on the integrity of the application. Confidentiality and availability are not impacted.\u003c/p\u003e"
                }
              ],
              "value": "SAP CRM WebClient UI allows an attacker to inject and execute malicious scripts in the context of the application due to the absence of a Content Security Policy (CSP) configuration for certain restrictive directives. This vulnerability has a low impact on the integrity of the application. Confidentiality and availability are not impacted."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-15",
                  "description": "CWE-15: External Control of System or Configuration Setting",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:20:48.083Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3155685"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Security misconfiguration in SAP CRM (WebClient UI)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-44768",
        "datePublished": "2026-07-14T00:20:48.083Z",
        "dateReserved": "2026-05-07T18:39:44.147Z",
        "dateUpdated": "2026-07-14T00:20:48.083Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44761 (GCVE-0-2026-44761)

    Vulnerability from cvelistv5 – Published: 2026-07-14 00:20 – Updated: 2026-07-14 00:20
    VLAI
    Title
    Insecure Sample Credentials in SAP Commerce Cloud
    Summary
    SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token and invoke certain APIs to read and modify data. Successful exploitation results in high impact on confidentiality and integrity, with no impact on availability.
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Commerce Cloud Affected: HY_COM 2205
    Affected: COM_CLOUD 2211
    Affected: 2211-JDK21
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Commerce Cloud",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "HY_COM 2205"
                },
                {
                  "status": "affected",
                  "version": "COM_CLOUD 2211"
                },
                {
                  "status": "affected",
                  "version": "2211-JDK21"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token and invoke certain APIs to read and modify data. Successful exploitation results in high impact on confidentiality and integrity, with no impact on availability.\u003c/p\u003e"
                }
              ],
              "value": "SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token and invoke certain APIs to read and modify data. Successful exploitation results in high impact on confidentiality and integrity, with no impact on availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1392",
                  "description": "CWE-1392: Use of Default Credentials",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:20:29.454Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3753495"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insecure Sample Credentials in SAP Commerce Cloud",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-44761",
        "datePublished": "2026-07-14T00:20:29.454Z",
        "dateReserved": "2026-05-07T18:31:04.067Z",
        "dateUpdated": "2026-07-14T00:20:29.454Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44760 (GCVE-0-2026-44760)

    Vulnerability from cvelistv5 – Published: 2026-07-14 00:20 – Updated: 2026-07-14 00:20
    VLAI
    Title
    Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on Business Server Pages)
    Summary
    Due to a Cross-Site Scripting (XSS) vulnerability, applications based on Business Server Pages framework in SAP NetWeaver Application Server ABAP reflects unsanitized input into the HTTP response which allows an attacker to inject and execute arbitrary JavaScript code under certain conditions. Successful exploitation could allow the attacker to steal session information, perform authenticated actions on behalf of the victim user etc. This vulnerability has low impact on confidentiality and integrity of the data and no impact on application 's availability.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver Application Server ABAP (applications based on Business Server Pages) Affected: SAP_BASIS 700
    Affected: SAP_BASIS 701
    Affected: SAP_BASIS 702
    Affected: SAP_BASIS 731
    Affected: SAP_BASIS 740
    Affected: SAP_BASIS 750
    Affected: SAP_BASIS 751
    Affected: SAP_BASIS 752
    Affected: SAP_BASIS 753
    Affected: SAP_BASIS 754
    Affected: SAP_BASIS 755
    Affected: SAP_BASIS 756
    Affected: SAP_BASIS 757
    Affected: SAP_BASIS 758
    Affected: SAP_BASIS 816
    Affected: SAP_BASIS 918
    Affected: SAP_BASIS 919
    Affected: SAP_BASIS 920
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server ABAP (applications based on Business Server Pages)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP_BASIS 700"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 701"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 702"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 731"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 740"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 750"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 751"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 752"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 753"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 754"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 755"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 756"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 757"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 758"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 816"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 918"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 919"
                },
                {
                  "status": "affected",
                  "version": "SAP_BASIS 920"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to a Cross-Site Scripting (XSS) vulnerability, applications based on Business Server Pages framework in SAP NetWeaver Application Server ABAP reflects unsanitized input into the HTTP response which allows an attacker to inject and execute arbitrary JavaScript code under certain conditions. Successful exploitation could allow the attacker to steal session information, perform authenticated actions on behalf of the victim user etc. This vulnerability has low impact on confidentiality and integrity of the data and no impact on application \u0027s availability.\u003c/p\u003e"
                }
              ],
              "value": "Due to a Cross-Site Scripting (XSS) vulnerability, applications based on Business Server Pages framework in SAP NetWeaver Application Server ABAP reflects unsanitized input into the HTTP response which allows an attacker to inject and execute arbitrary JavaScript code under certain conditions. Successful exploitation could allow the attacker to steal session information, perform authenticated actions on behalf of the victim user etc. This vulnerability has low impact on confidentiality and integrity of the data and no impact on application \u0027s availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:20:19.533Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3754659"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on Business Server Pages)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-44760",
        "datePublished": "2026-07-14T00:20:19.533Z",
        "dateReserved": "2026-05-07T18:31:04.067Z",
        "dateUpdated": "2026-07-14T00:20:19.533Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44759 (GCVE-0-2026-44759)

    Vulnerability from cvelistv5 – Published: 2026-07-14 00:20 – Updated: 2026-07-14 00:20
    VLAI
    Title
    Cross Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal
    Summary
    SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal content, or user redirection, resulting in a low impact on the application's confidentiality and integrity, with no impact on availability.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation
    Assigner
    sap
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Enterprise Portal",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "EP-RUNTIME 7.50"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user\u0027s browser when the crafted URL is visited, leading to theft of session information, manipulation of portal content, or user redirection, resulting in a low impact on the application\u0027s confidentiality and integrity, with no impact on availability.\u003c/p\u003e"
                }
              ],
              "value": "SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user\u0027s browser when the crafted URL is visited, leading to theft of session information, manipulation of portal content, or user redirection, resulting in a low impact on the application\u0027s confidentiality and integrity, with no impact on availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:20:09.899Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3746678"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-44759",
        "datePublished": "2026-07-14T00:20:09.899Z",
        "dateReserved": "2026-05-07T18:31:04.067Z",
        "dateUpdated": "2026-07-14T00:20:09.899Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44753 (GCVE-0-2026-44753)

    Vulnerability from cvelistv5 – Published: 2026-07-14 00:19 – Updated: 2026-07-14 00:19
    VLAI
    Title
    Information Disclosure vulnerability in SAP HANA Extended Application Services classic model (User Self Service)
    Summary
    SAP HANA Database (user self service tools) allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and email addresses. Successful exploitation could allow the attacker to enumerate valid user accounts, resulting in low impact on confidentiality, with no impact on integrity and availability of the application.
    CWE
    • CWE-204 - Observable Response Discrepancy
    Assigner
    sap
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP HANA Extended Application Services classic model (User Self Service)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "HDB 2.00"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP HANA Database (user self service tools) allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and email addresses. Successful exploitation could allow the attacker to enumerate valid user accounts, resulting in low impact on confidentiality, with no impact on integrity and availability of the application.\u003c/p\u003e"
                }
              ],
              "value": "SAP HANA Database (user self service tools) allows an unauthenticated user to send specially crafted requests that produce distinguishable responses, enabling enumeration of valid user accounts and email addresses. Successful exploitation could allow the attacker to enumerate valid user accounts, resulting in low impact on confidentiality, with no impact on integrity and availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-204",
                  "description": "CWE-204: Observable Response Discrepancy",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:19:58.321Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3732522"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Information Disclosure vulnerability in SAP HANA Extended Application Services classic model (User Self Service)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-44753",
        "datePublished": "2026-07-14T00:19:58.321Z",
        "dateReserved": "2026-05-07T18:31:04.066Z",
        "dateUpdated": "2026-07-14T00:19:58.321Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44752 (GCVE-0-2026-44752)

    Vulnerability from cvelistv5 – Published: 2026-07-14 00:19 – Updated: 2026-07-14 00:19
    VLAI
    Title
    Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java(Configuration Wizard)
    Summary
    SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's browser, allowing the attacker to access sensitive session information and modify non-sensitive data displayed in the client�s browser. This results in a high impact on confidentiality, low impact on integrity with no impact on availability of the application.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation
    Assigner
    sap
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server Java(Configuration Wizard)",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "LMCTC 7.50"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user\u0027s browser, allowing the attacker to access sensitive session information and modify non-sensitive data displayed in the client\ufffds browser. This results in a high impact on confidentiality, low impact on integrity with no impact on availability of the application.\u003c/p\u003e"
                }
              ],
              "value": "SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user\u0027s browser, allowing the attacker to access sensitive session information and modify non-sensitive data displayed in the client\ufffds browser. This results in a high impact on confidentiality, low impact on integrity with no impact on availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:19:45.308Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3748227"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java(Configuration Wizard)",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-44752",
        "datePublished": "2026-07-14T00:19:45.308Z",
        "dateReserved": "2026-05-07T18:16:34.195Z",
        "dateUpdated": "2026-07-14T00:19:45.308Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44747 (GCVE-0-2026-44747)

    Vulnerability from cvelistv5 – Published: 2026-07-14 00:19 – Updated: 2026-07-14 00:19
    VLAI
    Title
    Memory Corruption vulnerability in SAP NetWeaver Application Server ABAP
    Summary
    SAP NetWeaver Application Server ABAP allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability. This has high impact on confidentiality, integrity, and availability of the application.
    CWE
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP NetWeaver Application Server ABAP Affected: KRNL64NUC 7.22
    Affected: 7.22EXT
    Affected: KRNL64UC 7.22
    Affected: 7.53
    Affected: KERNEL 7.22
    Affected: 7.53. 7.54
    Affected: 7.77
    Affected: 7.89
    Affected: 7.93
    Affected: 9.16
    Affected: 9.18
    Affected: 9.19
    Affected: 9.20
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP NetWeaver Application Server ABAP",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.53. 7.54"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.89"
                },
                {
                  "status": "affected",
                  "version": "7.93"
                },
                {
                  "status": "affected",
                  "version": "9.16"
                },
                {
                  "status": "affected",
                  "version": "9.18"
                },
                {
                  "status": "affected",
                  "version": "9.19"
                },
                {
                  "status": "affected",
                  "version": "9.20"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP NetWeaver Application Server ABAP allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability. This has high impact on confidentiality, integrity, and availability of the application.\u003c/p\u003e"
                }
              ],
              "value": "SAP NetWeaver Application Server ABAP allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability. This has high impact on confidentiality, integrity, and availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.9,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787: Out-of-bounds Write",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:19:33.450Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3747367"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Memory Corruption vulnerability in SAP NetWeaver Application Server ABAP",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-44747",
        "datePublished": "2026-07-14T00:19:33.450Z",
        "dateReserved": "2026-05-07T18:16:34.195Z",
        "dateUpdated": "2026-07-14T00:19:33.450Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-44745 (GCVE-0-2026-44745)

    Vulnerability from cvelistv5 – Published: 2026-07-14 00:18 – Updated: 2026-07-14 00:18
    VLAI
    Title
    Open Redirect vulnerability in SAP Approuter
    Summary
    SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link which, when clicked by a victim, could lead to unauthorized access. Successful exploitation results in a high impact to the confidentiality and integrity with no impact on the availability of the application.
    CWE
    • CWE-601 - URL Redirection to Untrusted Site
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Approuter Affected: SAP Approuter node.js package < 21.2.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Approuter",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP Approuter node.js package \u003c 21.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link which, when clicked by a victim, could lead to unauthorized access. Successful exploitation results in a high impact to the confidentiality and integrity with no impact on the availability of the application.\u003c/p\u003e"
                }
              ],
              "value": "SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow under certain configurations. This allows an unauthenticated remote attacker to craft a malicious link which, when clicked by a victim, could lead to unauthorized access. Successful exploitation results in a high impact to the confidentiality and integrity with no impact on the availability of the application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-601",
                  "description": "CWE-601: URL Redirection to Untrusted Site",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:18:16.089Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3741519"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Open Redirect vulnerability in SAP Approuter",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-44745",
        "datePublished": "2026-07-14T00:18:16.089Z",
        "dateReserved": "2026-05-07T18:16:34.195Z",
        "dateUpdated": "2026-07-14T00:18:16.089Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-27690 (GCVE-0-2026-27690)

    Vulnerability from cvelistv5 – Published: 2026-07-14 00:17 – Updated: 2026-07-14 00:17
    VLAI
    Title
    HTTP Request Smuggling in SAP Approuter
    Summary
    Due to an HTTP Request Smuggling vulnerability in SAP Approuter, an unauthenticated attacker could send a specially crafted HTTP request that leads to request-response desynchronization. This could result in the exposure of user responses and cause the system to become unavailable. This leads to a high impact on confidentiality and availability.
    CWE
    • CWE-444 - Inconsistent Interpretation of HTTP Requests
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAP Approuter Affected: SAP Approuter node.js package < 20.10.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Approuter",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "SAP Approuter node.js package \u003c 20.10.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDue to an HTTP Request Smuggling vulnerability in SAP Approuter, an unauthenticated attacker could send a specially crafted HTTP request that leads to request-response desynchronization. This could result in the exposure of user responses and cause the system to become unavailable. This leads to a high impact on confidentiality and availability.\u003c/p\u003e"
                }
              ],
              "value": "Due to an HTTP Request Smuggling vulnerability in SAP Approuter, an unauthenticated attacker could send a specially crafted HTTP request that leads to request-response desynchronization. This could result in the exposure of user responses and cause the system to become unavailable. This leads to a high impact on confidentiality and availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-444",
                  "description": "CWE-444: Inconsistent Interpretation of HTTP Requests",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:17:55.003Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3720138"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "HTTP Request Smuggling in SAP Approuter",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-27690",
        "datePublished": "2026-07-14T00:17:55.003Z",
        "dateReserved": "2026-02-23T17:50:17.028Z",
        "dateUpdated": "2026-07-14T00:17:55.003Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0487 (GCVE-0-2026-0487)

    Vulnerability from cvelistv5 – Published: 2026-07-14 00:17 – Updated: 2026-07-14 00:17
    VLAI
    Title
    DLL Hijacking vulnerability in SAProuter on Microsoft Windows
    Summary
    SAProuter on Microsoft Windows allows an unauthenticated attacker to load library (DLL) files from an untrusted location, allowing them to execute malicious code on the system. This could enable the attacker to hijack the DLL loading process and achieve arbitrary code execution. This has high impact on confidentiality, integrity and availability of the system.
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    sap
    Impacted products
    Vendor Product Version
    SAP_SE SAProuter on Microsoft Windows Affected: KRNL64NUC 7.22
    Affected: 7.22EXT
    Affected: KRNL64UC 7.22
    Affected: 7.53
    Affected: SAP_ROUTER 7.53
    Affected: 7.54
    Affected: KERNEL 7.22
    Affected: 7.77
    Affected: 7.89
    Affected: 7.93
    Affected: 9.16
    Affected: 9.17
    Affected: 9.18
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAProuter on Microsoft Windows",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "KRNL64NUC 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.22EXT"
                },
                {
                  "status": "affected",
                  "version": "KRNL64UC 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.53"
                },
                {
                  "status": "affected",
                  "version": "SAP_ROUTER 7.53"
                },
                {
                  "status": "affected",
                  "version": "7.54"
                },
                {
                  "status": "affected",
                  "version": "KERNEL 7.22"
                },
                {
                  "status": "affected",
                  "version": "7.77"
                },
                {
                  "status": "affected",
                  "version": "7.89"
                },
                {
                  "status": "affected",
                  "version": "7.93"
                },
                {
                  "status": "affected",
                  "version": "9.16"
                },
                {
                  "status": "affected",
                  "version": "9.17"
                },
                {
                  "status": "affected",
                  "version": "9.18"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eSAProuter on Microsoft Windows allows an unauthenticated attacker to load library (DLL) files from an untrusted location, allowing them to execute malicious code on the system. This could enable the attacker to hijack the DLL loading process and achieve arbitrary code execution. This has high impact on confidentiality, integrity and availability of the system.\u003c/p\u003e"
                }
              ],
              "value": "SAProuter on Microsoft Windows allows an unauthenticated attacker to load library (DLL) files from an untrusted location, allowing them to execute malicious code on the system. This could enable the attacker to hijack the DLL loading process and achieve arbitrary code execution. This has high impact on confidentiality, integrity and availability of the system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427: Uncontrolled Search Path Element",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T00:17:37.478Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://me.sap.com/notes/3692165"
            },
            {
              "url": "https://url.sap/sapsecuritypatchday"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "DLL Hijacking vulnerability in SAProuter on Microsoft Windows",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2026-0487",
        "datePublished": "2026-07-14T00:17:37.478Z",
        "dateReserved": "2025-12-09T22:06:31.239Z",
        "dateUpdated": "2026-07-14T00:17:37.478Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }