Open Redirect vulnerability in SAP NetWeaver Application Server ABAP

6.1 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Description

Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the application with no impact on availability.

Basic Information

ID CVE-2026-34257

Source sap

Published Apr 14, 2026 at 00:08

Affected Product

Vendor SAP_SE

Product SAP NetWeaver Application Server ABAP

Version SAP_BASIS 700

Affected Versions SAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 700
SAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 701
SAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 702
SAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 731
SAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 740
SAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 750
SAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 752
SAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 753
SAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 754
SAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 755
SAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 756
SAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 757
SAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 758
SAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 816

CWE Classification

CWE-601

References

{
    "lastseen": "",
    "description": "Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page controlled by the attacker. This causes low impact on confidentiality and integrity of the application with no impact on availability.",
    "published": "2026-04-14T00:08:39.814Z",
    "modified": "2026-04-14T00:08:39.814Z",
    "type": "cve",
    "title": "Open Redirect vulnerability in SAP NetWeaver Application Server ABAP",
    "source": "sap",
    "references": "https://me.sap.com/notes/3692004\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2026-34257",
    "bulletinFamily": "",
    "cwe": [
        "CWE-601"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 700\nSAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 701\nSAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 702\nSAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 731\nSAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 740\nSAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 750\nSAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 752\nSAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 753\nSAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 754\nSAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 755\nSAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 756\nSAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 757\nSAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 758\nSAP_SE SAP NetWeaver Application Server ABAP SAP_BASIS 816",
    "sourceHref": "",
    "cvss": {
        "score": 6.1,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP NetWeaver Application Server ABAP",
    "version": "SAP_BASIS 700",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Open Redirect vulnerability in SAP NetWeaver Application Server ABAP_CVE-2026-34257