CVE 7.1 HIGH

Missing Authorization check in Application Server ABAP of SAP NetWeaver and ABAP Platform_CVE-2026-44751

June 8, 2026 invoker category_cve
7.1 / 10
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Description

Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with low impact on availability and no impact on confidentiality of the application.

Basic Information

ID CVE-2026-44751
Source sap
Published Jun 9, 2026 at 00:21

Affected Product

Vendor SAP_SE
Product SAP NetWeaver and ABAP Platform
Version SAP_BASIS 700
Affected Versions SAP_SE SAP NetWeaver and ABAP Platform SAP_BASIS 700
SAP_SE SAP NetWeaver and ABAP Platform SAP_BASIS 701
SAP_SE SAP NetWeaver and ABAP Platform SAP_BASIS 702
SAP_SE SAP NetWeaver and ABAP Platform SAP_BASIS 731
SAP_SE SAP NetWeaver and ABAP Platform SAP_BASIS 740
SAP_SE SAP NetWeaver and ABAP Platform SAP_BASIS 750
SAP_SE SAP NetWeaver and ABAP Platform SAP_BASIS 751
SAP_SE SAP NetWeaver and ABAP Platform SAP_BASIS 752
SAP_SE SAP NetWeaver and ABAP Platform SAP_BASIS 753
SAP_SE SAP NetWeaver and ABAP Platform SAP_BASIS 754
SAP_SE SAP NetWeaver and ABAP Platform SAP_BASIS 755
SAP_SE SAP NetWeaver and ABAP Platform SAP_BASIS 756
SAP_SE SAP NetWeaver and ABAP Platform SAP_BASIS 757
SAP_SE SAP NetWeaver and ABAP Platform SAP_BASIS 758
SAP_SE SAP NetWeaver and ABAP Platform SAP_BASIS 816

CWE Classification

CWE-862

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.