CVE-2026-27688
Missing Authorization check in SAP NetWeaver Application Server for ABAP
CVSS Score
5.0
EPSS Score
0.0%
EPSS Percentile
0th
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially escalate their privileges and read the sensitive data, resulting in a limited impact on the confidentiality of the information stored. However, the integrity and availability of the system are not affected.
| Vendor | sap_se |
| Product | sap netweaver application server for abap |
| Published | Mar 10, 2026 |
| Last Updated | Mar 11, 2026 |
Stay Ahead of the Next One
Get instant alerts for sap_se sap netweaver application server for abap
Be the first to know when new medium vulnerabilities affecting sap_se sap netweaver application server for abap are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None
Affected Versions
SAP_SE / SAP NetWeaver Application Server for ABAP
SAP_BASIS 700 SAP_BASIS 701 SAP_BASIS 702 SAP_BASIS 710 SAP_BASIS 711 SAP_BASIS 730 SAP_BASIS 731 SAP_BASIS 740 SAP_BASIS 750 SAP_BASIS 751 SAP_BASIS 752 SAP_BASIS 753 SAP_BASIS 754 SAP_BASIS 755 SAP_BASIS 756 SAP_BASIS 757 SAP_BASIS 758 SAP_BASIS 816