PatchSiren cyber security CVE debrief
CVE-2026-24315 SAP_SE CVE debrief
CVE-2026-24315 is a vulnerability in SAP Fiori Launchpad that allows attackers to craft malicious URLs, potentially leading to account compromise by stealing user credentials. The vulnerability has a CVSS score of 4.2 and is classified as MEDIUM severity. Successful exploitation requires advanced knowledge of the system and has a low impact on Confidentiality and Integrity, with no impact on Availability.
- Vendor: SAP_SE
- Product: SAP Fiori (launchpad)
- CVSS: MEDIUM 4.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-09
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-09
Who should care
Users of SAP Fiori Launchpad should be aware of this vulnerability and take necessary precautions to avoid exploitation.
Technical summary
The vulnerability exists in SAP Fiori Launchpad, allowing attackers to craft malicious URLs that can trigger arbitrary service calls on the Fiori domain. When opened by a user, these URLs could compromise accounts by stealing user credentials. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or updates provided by SAP to fix the vulnerability.
- Implement additional security measures, such as monitoring and filtering of URLs.
Evidence notes
The vulnerability was reported by an unknown vendor and has a low confidence level. The evidence suggests that the vendor is likely SAP.
Official resources
CVE-2026-24315 was published on 2026-06-09T01:16:45.740Z and modified on 2026-06-09T02:08:28.150Z.