CVE-2026-0484
MEDIUM WAF: Medium
CVSS 6.5
Published: 2026-02-10
CWE-601 CWE-862
Due to missing authorization check in SAP NetWeaver Application Server ABAP and SAP S/4HANA, an authenticated attacker could access a specific transaction code and modify the text data in the system. This vulnerability has a high impact on integrity of the application with no effect on the confidentiality and availability.
WAF Coverage Analysis
Open Redirect
Medium WAF Coverage
OWASP: A01:2021 Broken Access Control
941xxx - XSS / XXE
Missing Authorization
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| sap | sap_basis | 700 |
| sap | sap_basis | 701 |
| sap | sap_basis | 702 |
| sap | sap_basis | 731 |
| sap | sap_basis | 740 |
| sap | sap_basis | 750 |
| sap | sap_basis | 751 |
| sap | sap_basis | 752 |
| sap | sap_basis | 753 |
| sap | sap_basis | 754 |
References
- me.sap.com (Permissions Required)
- url.sap (Vendor Advisory)