Information Disclosure vulnerability in SAP Gateway_CVE-2026-44749

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Description

The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts (e.g., regex patterns) and revealing underlying URI parsing logic. Leading to low impact on confidentiality. Integrity and availability are unaffected.

Basic Information

ID CVE-2026-44749

Source sap

Published May 26, 2026 at 17:24

Modified May 26, 2026 at 18:36

Affected Product

Vendor SAP_SE

Product SAP Gateway

Version SAP_GWFND 750

Affected Versions SAP_SE SAP Gateway SAP_GWFND 750
SAP_SE SAP Gateway 751
SAP_SE SAP Gateway 752
SAP_SE SAP Gateway 753
SAP_SE SAP Gateway 754
SAP_SE SAP Gateway 755
SAP_SE SAP Gateway 756
SAP_SE SAP Gateway 757
SAP_SE SAP Gateway 758
SAP_SE SAP Gateway SAP_BASIS 795

CWE Classification

CWE-497

References

{
    "lastseen": "",
    "description": "The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts (e.g., regex patterns) and revealing underlying URI parsing logic. Leading to low impact on confidentiality. Integrity and availability are unaffected.",
    "published": "2026-05-26T17:24:33.329Z",
    "modified": "2026-05-26T18:36:16.647Z",
    "type": "cve",
    "title": "Information Disclosure vulnerability in SAP Gateway",
    "source": "sap",
    "references": "https://me.sap.com/notes/3433366\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2026-44749",
    "bulletinFamily": "",
    "cwe": [
        "CWE-497"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP Gateway SAP_GWFND 750\nSAP_SE SAP Gateway 751\nSAP_SE SAP Gateway 752\nSAP_SE SAP Gateway 753\nSAP_SE SAP Gateway 754\nSAP_SE SAP Gateway 755\nSAP_SE SAP Gateway 756\nSAP_SE SAP Gateway 757\nSAP_SE SAP Gateway 758\nSAP_SE SAP Gateway SAP_BASIS 795",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP Gateway",
    "version": "SAP_GWFND 750",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}