CyberSec.Space Logo
返回 CVE 浏览器

CVE-2026-23687

HIGH
8.8
CVSS Severity Score
EPSS Score0.1030%
EPSS Percentile40.63th
Published2026年2月10日
Last Modified2026年6月9日

Vulnerability Description

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage.

Affected Platforms (CPE)

📦
Sap

Sap Basis

= 700
📦
Sap

Sap Basis

= 701
📦
Sap

Sap Basis

= 702
📦
Sap

Sap Basis

= 731
📦
Sap

Sap Basis

= 740
📦
Sap

Sap Basis

= 750
📦
Sap

Sap Basis

= 751
📦
Sap

Sap Basis

= 752
📦
Sap

Sap Basis

= 753
📦
Sap

Sap Basis

= 754
📦
Sap

Sap Basis

= 755
📦
Sap

Sap Basis

= 756
📦
Sap

Sap Basis

= 757
📦
Sap

Sap Basis

= 758
📦
Sap

Sap Basis

= 804
📦
Sap

Sap Basis

= 916
📦
Sap

Sap Basis

= 917
📦
Sap

Sap Basis

= 918

References & Advisories

🔗 https://me.sap.com/notes/3697567
🔗 https://url.sap/sapsecuritypatchday
🔗 http://seclists.org/fulldisclosure/2026/Jun/1

相关漏洞威胁

CVE-2018-23638.8

SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you ...

CVE-2018-23678.8

ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker t...

CVE-2019-02798.8

ABAP BASIS function modules INST_CREATE_R3_RFC_DEST, INST_CREATE_TCPIP_RFCDEST, and INST_CREATE_TCPIP_RFC_DEST in SAP BASIS (fixed...

CVE-2018-24948.0

Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS A...