← Voltar para CVEs
CVE-2026-24316
MEDIUM6.4
Descricao
SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with potentially sensitive internal endpoints, resulting in a low impact on data confidentiality and integrity. There is no impact on availability of the application.
Detalhes CVE
Pontuacao CVSS v3.16.4
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado3/10/2026
Ultima modificacao3/11/2026
Fontenvd
Avistamentos honeypot0
Fraquezas (CWE)
CWE-918
Referencias
https://me.sap.com/notes/3689080(cna@sap.com)
https://url.sap/sapsecuritypatchday(cna@sap.com)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.