CVE-2026-24316
Server-Side Request Forgery (SSRF) in SAP NetWeaver Application Server for ABAP
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.4EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
10 mar 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with potentially sensitive internal endpoints, resulting in a low impact on data confidentiality and integrity. There is no impact on availability of the application.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Productos afectados
SAP_SE · SAP NetWeaver Application Server for ABAP¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →