VDB
CVE-2026-23687
CVE-2026-23687
PUBLISHED
CVSS 8.800000190734863 HIGH
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage.
EPSS 0.02% · 5.5th percentile
Risk Scores
CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.02%
5.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP_SE | SAP NetWeaver AS ABAP and ABAP Platform | SAP_BASIS 700, SAP_BASIS 740, SAP_BASIS 750 |
| sap | sap_basis | 701, 700, 702 |
Timeline
- Feb 10, 2026 CVE Published
- Feb 10, 2026 EPSS Score
- Feb 10, 2026 PoC Published
- Feb 10, 2026 PoC Published
- Feb 10, 2026 PoC Published
- Feb 12, 2026 EPSS Score
- Feb 14, 2026 EPSS Score
- Feb 16, 2026 EPSS Score
- Feb 18, 2026 EPSS Score
- Feb 20, 2026 EPSS Score
- Feb 22, 2026 EPSS Score
- Feb 24, 2026 EPSS Score