CVE-2026-0506

{"id": "CVE-2026-0506", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2026-01-13T02:15:53.277", "references": [{"url": "https://me.sap.com/notes/3688703", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Patch", "Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines (FORMs) in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs and invoke system functionality exposed via FORMs, resulting in a high impact on integrity and availability, while confidentiality remains unaffected."}], "lastModified": "2026-01-22T18:48:00.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "6F048ED9-2DDF-4EB9-8571-73832AFABF6A"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "C37DC475-6B9A-493C-9A6F-28CDD65D2A5B"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "2BD9FE51-F76C-439A-A3C0-5279EC1059F7"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "4EB54432-0E1A-45F2-BEE1-8DC28FAADA9F"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "8E96C58C-ED44-487B-A67E-FDAE3C29023A"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "A14DF5EB-B8CE-4A47-9959-2F65A5DCEF5F"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "3E0CA53D-4335-4872-B527-30802E31B893"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "419BA423-0803-4F51-8889-014A521F02CE"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "DA20ECDC-8807-462C-A0F0-70DF6F5A119B"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "800AAC21-325C-4F16-AE5A-9F89327E5356"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "BDC15DB7-A95B-475F-AAA6-60A801F65690"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "55A2FECF-A32E-4188-9563-E8BA0E952261"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "9CBF2E53-17F0-4BF0-9C38-749C7E611BF4"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:758:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "5160572B-E3AB-4B96-8950-07DDAFA0E4A6"}, {"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:816:*:*:*:sap_basis:*:*:*", "vulnerable": true, "matchCriteriaId": "32888162-53F9-4598-8C04-E4A4903AAB57"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}