Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.4
SAP NetWeaver ABAP Server Allows Malicious Data Changes
CVE-2026-24309
Summary
An attacker with a valid login can make unauthorized changes to the SAP system's database settings, potentially slowing down the system or causing interruptions. This issue affects SAP NetWeaver Application Server for ABAP and requires immediate attention from system administrators to prevent potential disruptions. It is recommended to apply the latest security patches to fix this vulnerability.
Original title
Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the dat...
Original description
Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module to read, modify or insert entries into the database configuration table of the ABAP system. This unauthorized content change could lead to reduced system performance or interruptions. The vulnerability has low impact on the application's integrity and availability, with no effect on confidentiality.
nvd CVSS3.1
6.4
Vulnerability type
CWE-862
Missing Authorization
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026