GHSA-x77x-2wjm-8x4r

GHSA-x77x-2wjm-8x4r PUBLISHED CVSS 6.400000095367432 MEDIUM

SAP NetWeaver Application Server for ABAP provides an ABAP Report for testing purposes, which allows to send HTTP requests to arbitrary internal or external endpoints. The report is therefore vulnerable to Server-Side Request Forgery (SSRF). Successful exploitation could lead to interaction with potentially sensitive internal endpoints, resulting in a low impact on data confidentiality and integrity. There is no impact on availability of the application.

Risk Scores

CVSS v3.1

6.400000095367432

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Timeline

Mar 10, 2026 CVE Published
Apr 10, 2026 Security Advisory

References

https://nvd.nist.gov/vuln/detail/CVE-2026-24316 advisory
https://me.sap.com/notes/3689080 url
https://url.sap/sapsecuritypatchday url

Open in Interactive Console →