Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.0
SAP NetWeaver ABAP Server: Unauthorized access to log files
CVE-2026-27688
Summary
An attacker with user privileges can read sensitive log files in SAP NetWeaver ABAP Server. This could lead to unauthorized access to confidential information. To fix this, ensure that proper authorization checks are in place for the affected function module.
Original title
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function ...
Original description
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially escalate their privileges and read the sensitive data, resulting in a limited impact on the confidentiality of the information stored. However, the integrity and availability of the system are not affected.
nvd CVSS3.1
5.0
Vulnerability type
CWE-862
Missing Authorization
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026