CVE-2026-24328
MEDIUM WAF: Medium
CVSS 6.1
Published: 2026-02-10
CWE-601
SAP TAF_APPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker-controlled sites, potentially exposing or altering sensitive information in the victim's browser. This results in a low impact on confidentiality and integrity, with no impact on the availability of the application.
WAF Coverage Analysis
Open Redirect
Medium WAF Coverage
OWASP: A01:2021 Broken Access Control
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| sap | business_server_pages | 740 |
| sap | business_server_pages | 758 |
| sap | business_server_pages | 2008_1_700 |
| sap | business_server_pages | 2008_1_710 |
References
- me.sap.com (Permissions Required)
- url.sap (Vendor Advisory)