6.4
SAP NetWeaver Feedback Notifications Service allows attackers to access or modify database data
CVE-2026-27684
Summary
Authenticated attackers can inject SQL code into the service's database queries, potentially accessing or changing sensitive data. This could compromise the confidentiality, integrity, or availability of the database. SAP users should update to the latest version to prevent exploitation.
Original title
SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. The appl...
Original description
SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. The application concatenates these inputs directly into SQL queries without proper validation or escaping. As a result, an attacker can manipulate the WHERE clause logic and potentially gain unauthorized access to or modify database information. This vulnerability has no impact on integrity and low impact on the confidentiality and availability of the application.
NVD CVSS 3.1
6.4
Vulnerability type
CWE-89
SQL Injection
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026