{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0484", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2025-12-09T22:05:48.244Z", "datePublished": "2026-02-10T03:00:41.098Z", "dateUpdated": "2026-02-10T20:18:52.296Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP NetWeaver Application Server ABAP and SAP S/4HANA", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "SAP_BASIS 700"}, {"status": "affected", "version": "SAP_BASIS 701"}, {"status": "affected", "version": "SAP_BASIS 702"}, {"status": "affected", "version": "SAP_BASIS 731"}, {"status": "affected", "version": "SAP_BASIS 740"}, {"status": "affected", "version": "SAP_BASIS 750"}, {"status": "affected", "version": "SAP_BASIS 751"}, {"status": "affected", "version": "SAP_BASIS 752"}, {"status": "affected", "version": "SAP_BASIS 753"}, {"status": "affected", "version": "SAP_BASIS 754"}, {"status": "affected", "version": "SAP_BASIS 755"}, {"status": "affected", "version": "SAP_BASIS 756"}, {"status": "affected", "version": "SAP_BASIS 757"}, {"status": "affected", "version": "SAP_BASIS 758"}, {"status": "affected", "version": "SAP_BASIS 816"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the confidentiality and availability.</p>"}], "value": "Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the confidentiality and availability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601: URL Redirection to Untrusted Site", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-02-10T03:00:41.098Z"}, "references": [{"url": "https://me.sap.com/notes/3672622"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Missing Authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-10T20:18:45.449882Z", "id": "CVE-2026-0484", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T20:18:52.296Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0484", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2025-12-09T22:05:48.244Z", "datePublished": "2026-02-10T03:00:41.098Z", "dateUpdated": "2026-02-10T20:18:52.296Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP NetWeaver Application Server ABAP and SAP S/4HANA", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "SAP_BASIS 700"}, {"status": "affected", "version": "SAP_BASIS 701"}, {"status": "affected", "version": "SAP_BASIS 702"}, {"status": "affected", "version": "SAP_BASIS 731"}, {"status": "affected", "version": "SAP_BASIS 740"}, {"status": "affected", "version": "SAP_BASIS 750"}, {"status": "affected", "version": "SAP_BASIS 751"}, {"status": "affected", "version": "SAP_BASIS 752"}, {"status": "affected", "version": "SAP_BASIS 753"}, {"status": "affected", "version": "SAP_BASIS 754"}, {"status": "affected", "version": "SAP_BASIS 755"}, {"status": "affected", "version": "SAP_BASIS 756"}, {"status": "affected", "version": "SAP_BASIS 757"}, {"status": "affected", "version": "SAP_BASIS 758"}, {"status": "affected", "version": "SAP_BASIS 816"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the confidentiality and availability.</p>"}], "value": "Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the confidentiality and availability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601: URL Redirection to Untrusted Site", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-02-10T03:00:41.098Z"}, "references": [{"url": "https://me.sap.com/notes/3672622"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Missing Authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0484", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-10T20:18:45.449882Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T20:18:49.647Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:sap_basis:700:*:*:*:*:*:*:*", "matchCriteriaId": "85616273-040E-49CB-8EB6-D2D4D7B603E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:701:*:*:*:*:*:*:*", "matchCriteriaId": "C5F2C3A9-DCC0-4FF1-8E68-9EA150E209F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:702:*:*:*:*:*:*:*", "matchCriteriaId": "6F774A45-2A9F-4873-A5DC-766D030C8CCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:731:*:*:*:*:*:*:*", "matchCriteriaId": "D3A0A2D6-9259-4A35-A236-F4BEE986C1FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:740:*:*:*:*:*:*:*", "matchCriteriaId": "49C3A8E5-FA6A-4EF3-BF50-FD4E1576024F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:750:*:*:*:*:*:*:*", "matchCriteriaId": "ABA8AB4E-3FE6-46A8-847E-660C5DF6CE71", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:751:*:*:*:*:*:*:*", "matchCriteriaId": "6DA4A6F0-C0F1-42CB-8BBD-7198064733EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:752:*:*:*:*:*:*:*", "matchCriteriaId": "8C121CC9-26F6-4103-8EB0-BAFF6B5B5FE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:753:*:*:*:*:*:*:*", "matchCriteriaId": "86086D00-10BF-4C55-8D87-82CCBE468153", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:754:*:*:*:*:*:*:*", "matchCriteriaId": "2F25246A-D9E5-4F0D-B91A-478D4E5570DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:755:*:*:*:*:*:*:*", "matchCriteriaId": "0218695F-C4AD-46BF-B176-F10C644A9C2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:756:*:*:*:*:*:*:*", "matchCriteriaId": "FC9E7C3E-1005-450A-9198-E014C1BAADBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:757:*:*:*:*:*:*:*", "matchCriteriaId": "3A177AB1-CC85-46EF-91DF-462096608C9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:758:*:*:*:*:*:*:*", "matchCriteriaId": "F7591F81-708C-4285-9BB2-F2B4BDB9759B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:816:*:*:*:*:*:*:*", "matchCriteriaId": "EF7825FC-2F0F-4096-BE41-67B4DCC4F7DE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the confidentiality and availability."}, {"lang": "es", "value": "Debido a la falta de verificaci\u00f3n de autorizaci\u00f3n en SAP NetWeaver Servidor de aplicaciones ABAP y SAP S/4HANA, un atacante autenticado podr\u00eda acceder a un c\u00f3digo de transacci\u00f3n espec\u00edfico y modificar los datos de texto en el sistema. Esta vulnerabilidad tiene un alto impacto en la integridad de la aplicaci\u00f3n sin efecto en la confidencialidad y disponibilidad."}], "id": "CVE-2026-0484", "lastModified": "2026-02-17T16:12:08.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "cna@sap.com", "type": "Primary"}]}, "published": "2026-02-10T04:16:00.947", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3672622"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "cna@sap.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "SAP_BASIS 700"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "SAP_BASIS 701"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "SAP_BASIS 702"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "SAP_BASIS 731"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "SAP_BASIS 740"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "SAP_BASIS 750"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "SAP_BASIS 751"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "SAP_BASIS 752"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "SAP_BASIS 753"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "SAP_BASIS 754"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "SAP_BASIS 755"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "SAP_BASIS 756"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "SAP_BASIS 757"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "SAP_BASIS 758"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "SAP_BASIS 816"}}], "product": "sap_netweaver_application_server_abap_and_sap_s/4hana", "vendor": "sap_se"}], "analysis": {"en": {"generated_at": "2026-04-18T12:55:26.568663+00:00", "value": {"mitigation_remediation": ["Apply the SAP security patch provided in SAP Note 3672622 to restore the missing authorization check on the vulnerable transaction code.", "Restrict the transaction code to only those roles that truly require it, thereby limiting potential abuse until the patch is deployed.", "Implement monitoring of audit logs for changes to text data and conduct regular integrity checks to detect any unauthorized modifications post\u2011patch."], "summary": {"action": "Apply patch", "impact": "Unauthorized modification of text data, compromising integrity"}, "threat_synthesis": {"affected_systems": "The vulnerability affects SAP NetWeaver Basis releases 7.0 through 8.16, which include SAP NetWeaver Application Server ABAP and SAP S/4HANA. Any installation of these components that has not applied the defined fix is potentially exposed.", "description_and_impact": "A missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA allows an authenticated attacker to access a specific transaction code and change text data stored in the system. The flaw does not expose sensitive information or disrupt system availability, but it directly alters application integrity, potentially corrupting business records.", "risk_and_exploitability": "The CVSS score of 6.5 indicates a moderate to high risk, and the EPSS score of less than 1% suggests exploitation is unlikely but not impossible. The flaw is not listed in the CISA Known Exploited Vulnerabilities catalog. The attack requires a valid authenticated session, so it is typically confined to internal users who have sufficient privileges to execute the vulnerable transaction. Once accessed, the attacker can modify application data, which may lead to downstream processing errors or false reporting."}}}}, "created": "2026-02-10T11:34:46.352806+00:00", "updated": "2026-04-18T13:00:08.758474+00:00", "vendors": ["sap_se", "sap_se$PRODUCT$sap_netweaver_application_server_abap_and_sap_s/4hana"]}