CVE-2026-27684
SQL Injection Vulnerability in SAP NetWeaver (Feedback Notification)
CVSS Score
6.4
EPSS Score
0.0%
EPSS Percentile
0th
SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. The application concatenates these inputs directly into SQL queries without proper validation or escaping. As a result, an attacker can manipulate the WHERE clause logic and potentially gain unauthorized access to or modify database information. This vulnerability has no impact on integrity and low impact on the confidentiality and availability of the application.
| Vendor | sap_se |
| Product | sap netweaver (feedback notification) |
| Published | Mar 10, 2026 |
| Last Updated | Mar 10, 2026 |
Stay Ahead of the Next One
Get instant alerts for sap_se sap netweaver (feedback notification)
Be the first to know when new medium vulnerabilities affecting sap_se sap netweaver (feedback notification) are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
Low
Affected Versions
SAP_SE / SAP NetWeaver (Feedback Notification)
SAP_ABA 700 701 702 731 740 750 751 752 75A 75B 75C 75D 75E 75F 75G 75H 75I 816