{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27684", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2026-02-23T17:50:17.028Z", "datePublished": "2026-03-10T00:18:10.725Z", "dateUpdated": "2026-03-10T16:53:00.603Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-03-10T00:18:10.725Z"}, "title": "SQL Injection Vulnerability in SAP NetWeaver (Feedback Notification)", "problemTypes": [{"descriptions": [{"lang": "eng", "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command", "type": "CWE"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP NetWeaver (Feedback Notification)", "versions": [{"status": "affected", "version": "SAP_ABA 700"}, {"status": "affected", "version": "701"}, {"status": "affected", "version": "702"}, {"status": "affected", "version": "731"}, {"status": "affected", "version": "740"}, {"status": "affected", "version": "750"}, {"status": "affected", "version": "751"}, {"status": "affected", "version": "752"}, {"status": "affected", "version": "75A"}, {"status": "affected", "version": "75B"}, {"status": "affected", "version": "75C"}, {"status": "affected", "version": "75D"}, {"status": "affected", "version": "75E"}, {"status": "affected", "version": "75F"}, {"status": "affected", "version": "75G"}, {"status": "affected", "version": "75H"}, {"status": "affected", "version": "75I"}, {"status": "affected", "version": "816"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. The application concatenates these inputs directly into SQL queries without proper validation or escaping. As a result, an attacker can manipulate the WHERE clause logic and potentially gain unauthorized access to or modify database information. This vulnerability has no impact on integrity and low impact on the confidentiality and availability of the application.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. The application concatenates these inputs directly into SQL queries without proper validation or escaping. As a result, an attacker can manipulate the WHERE clause logic and potentially gain unauthorized access to or modify database information. This vulnerability has no impact on integrity and low impact on the confidentiality and availability of the application.</p>"}]}], "references": [{"url": "https://me.sap.com/notes/3697355"}, {"url": "https://url.sap/sapsecuritypatchday"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseSeverity": "MEDIUM", "baseScore": 6.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-10T15:36:02.240395Z", "id": "CVE-2026-27684", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T16:53:00.603Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27684", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-10T15:36:02.240395Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-10T15:36:03.323Z"}}], "cna": {"title": "SQL Injection Vulnerability in SAP NetWeaver (Feedback Notification)", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP NetWeaver (Feedback Notification)", "versions": [{"status": "affected", "version": "SAP_ABA 700"}, {"status": "affected", "version": "701"}, {"status": "affected", "version": "702"}, {"status": "affected", "version": "731"}, {"status": "affected", "version": "740"}, {"status": "affected", "version": "750"}, {"status": "affected", "version": "751"}, {"status": "affected", "version": "752"}, {"status": "affected", "version": "75A"}, {"status": "affected", "version": "75B"}, {"status": "affected", "version": "75C"}, {"status": "affected", "version": "75D"}, {"status": "affected", "version": "75E"}, {"status": "affected", "version": "75F"}, {"status": "affected", "version": "75G"}, {"status": "affected", "version": "75H"}, {"status": "affected", "version": "75I"}, {"status": "affected", "version": "816"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3697355"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. The application concatenates these inputs directly into SQL queries without proper validation or escaping. As a result, an attacker can manipulate the WHERE clause logic and potentially gain unauthorized access to or modify database information. This vulnerability has no impact on integrity and low impact on the confidentiality and availability of the application.", "supportingMedia": [{"type": "text/html", "value": "<p>SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. The application concatenates these inputs directly into SQL queries without proper validation or escaping. As a result, an attacker can manipulate the WHERE clause logic and potentially gain unauthorized access to or modify database information. This vulnerability has no impact on integrity and low impact on the confidentiality and availability of the application.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-03-10T00:18:10.725Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27684", "state": "PUBLISHED", "dateUpdated": "2026-03-10T16:53:00.603Z", "dateReserved": "2026-02-23T17:50:17.028Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2026-03-10T00:18:10.725Z", "assignerShortName": "sap"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. The application concatenates these inputs directly into SQL queries without proper validation or escaping. As a result, an attacker can manipulate the WHERE clause logic and potentially gain unauthorized access to or modify database information. This vulnerability has no impact on integrity and low impact on the confidentiality and availability of the application."}], "id": "CVE-2026-27684", "lastModified": "2026-03-11T13:53:47.157", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "cna@sap.com", "type": "Primary"}]}, "published": "2026-03-10T17:38:10.767", "references": [{"source": "cna@sap.com", "url": "https://me.sap.com/notes/3697355"}, {"source": "cna@sap.com", "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "cna@sap.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "SAP_ABA 700"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "701"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "702"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "731"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "740"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "750"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "751"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "752"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "75A"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "75B"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "75C"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "75D"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "75E"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "75F"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "75G"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "75H"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "75I"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "816"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "SAP NetWeaver (Feedback Notification)", "source": "cna", "vendor": "SAP_SE"}, "product": "sap_netweaver_(feedback_notification)", "vendor": "sap_se"}], "analysis": {"en": {"generated_at": "2026-04-16T09:56:08.903498+00:00", "value": {"mitigation_remediation": ["Apply the SAP security patch referenced in SAP Note 3697355 to eliminate the SQL injection code path. ", "Restrict or remove write permissions for the Feedback Notification service user to minimize the blast radius if the flaw remains unpatched. ", "Implement input validation and parameterized queries for any future feature development within the Feedback Notification module, following best practice against CWE-89 weaknesses."], "summary": {"action": "Patch", "impact": "SQL Injection (Authenticated)"}, "threat_synthesis": {"affected_systems": "SAP NetWeaver Feedback Notification service is impacted. No specific version information is supplied, implying that the flaw may exist in all releases covered by SAP Note 3697355 until the patch is applied.", "description_and_impact": "The vulnerability lies in the SAP NetWeaver Feedback Notifications Service, where user-controlled fields are concatenated directly into SQL queries without validation. An attacker who has authenticated to the application can inject arbitrary SQL, altering the SELECT WHERE clause. Consequently, the attacker may read, modify, or delete data in the underlying database. The description indicates that the flaw does not affect data integrity and has only a low impact on confidentiality and availability.", "risk_and_exploitability": "The CVSS score of 6.4 classifies the flaw as moderate risk, yet the EPSS score is below 1%, suggesting that exploitation attempts are unlikely at present. The vulnerability is not listed in the CISA KEV catalog, supporting a lower threat level. Attackers would need authenticated access to the application and must supply crafted input to manipulate SQL queries. Because the flaw is confined to authenticated users, the attack surface is limited, though still significant for internal actors or compromised accounts."}}}}, "created": "2026-03-10T14:06:13.708409+00:00", "updated": "2026-04-16T10:00:14.090745+00:00", "vendors": ["sap_se", "sap_se$PRODUCT$sap_netweaver_(feedback_notification)"]}