
SAP NetWeaver ABAP Server Sends Sensitive Requests to Wrong Addresses

CVE-2026-24316
Summary

A test report in SAP NetWeaver Application Server for ABAP can be abused to make the server send HTTP requests to arbitrary internal or external endpoints (server-side request forgery). This could expose sensitive data on internal endpoints, but it does not affect the system's availability. Review and restrict access to this test report to prevent unintended requests.

Original title
SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulne...
Original description
SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with potentially sensitive internal endpoints, resulting in a low impact on data confidentiality and integrity. There is no impact on availability of the application.
NVD CVSS 3.1: 6.4
Vulnerability type
CWE-918 Server-Side Request Forgery (SSRF)
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026