CVE-2026-24320

Опубликовано: 10 фев. 2026

Источник: nvd

CVSS3: 3.1

EPSS Низкий

Описание

Due to improper memory management in SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker could exploit logical errors in memory management by supplying specially crafted input containing unique characters, which are improperly converted. This may result in memory corruption and the potential leakage of memory content. Successful exploitation of this vulnerability would have a low impact on the confidentiality of the application, with no effect on its integrity or availability.

Ссылки

https://me.sap.com/notes/3678313
Permissions Required
https://url.sap/sapsecuritypatchday
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:netweaver_as_abap_kernel:7.22:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_as_abap_kernel:7.54:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_as_abap_kernel:7.77:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_as_abap_kernel:7.89:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_as_abap_kernel:7.93:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_as_abap_kernel:9.16:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_as_abap_kernel:9.17:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_as_abap_kernel:9.18:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_as_abap_krnl64nuc:7.22:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_as_abap_krnl64nuc:7.22ext:*:*:*:*:*:*:*

cpe:2.3:a:sap:netweaver_as_abap_krnl64uc:7.22:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.00238

Низкий

3.1 Low

CVSS3

Дефекты

CWE-113

CWE-787

Связанные уязвимости

GHSA-hfw8-fmmj-c2q7