CVE-2026-24328

SAP TAF_APPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker-controlled sites, potentially exposing or altering sensitive information in the victim's browser. This results in a low impact on confidentiality and integrity, with no impact on the availability of the application.
References
Link Resource
https://me.sap.com/notes/3688319 Permissions Required
https://url.sap/sapsecuritypatchday Vendor Advisory
Configurations

Configuration 1

OR cpe:2.3:a:sap:business_server_pages:740:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_server_pages:758:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_server_pages:2008_1_700:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_server_pages:2008_1_710:*:*:*:*:*:*:*

History

17 Feb 2026, 15:10

Type Values Removed Values Added
CPE cpe:2.3:a:sap:business_server_pages:2008_1_710:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_server_pages:2008_1_700:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_server_pages:740:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_server_pages:758:*:*:*:*:*:*:*
First Time Sap
Sap business Server Pages
Summary
  • (es) SAP TAF_APPLAUNCHER within Business Server Pages allows an unauthenticated attacker to create malicious links that, when clicked by a victim, redirect them to attacker-controlled sites, potentially exposing or altering sensitive information in the victim's browser. This results in a low impact on confidentiality and integrity, with no impact on the availability of the application.
References () https://me.sap.com/notes/3688319 - () https://me.sap.com/notes/3688319 - Permissions Required
References () https://url.sap/sapsecuritypatchday - () https://url.sap/sapsecuritypatchday - Vendor Advisory

10 Feb 2026, 04:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-02-10 04:16

Updated : 2026-02-17 15:10


NVD link : CVE-2026-24328

Mitre link : CVE-2026-24328

CVE.ORG link : CVE-2026-24328



Products Affected

sap

  • business_server_pages
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')