These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-44757 is a medium severity vulnerability in SAP Wily Introscope Enterprise Manager. An unauthenticated attacker can craft a specially crafted URL that, when accessed by a victim, injects a script that executes in the user's browser within the context of the application. This issue has a low impact on the confidentiality and integrity of the application with no impact on availability.
CVE-2026-44755 is an email spoofing vulnerability in SAP Business Objects Business Intelligence Platform. The vulnerability occurs because the platform does not sufficiently validate email sending parameters supplied by authenticated users. This results in an attacker being able to send emails that appear to come from a legitimate source, potentially leading to phishing attacks or other malicious activiti [truncated]
CVE-2026-44754 is a medium-severity vulnerability affecting the Operational Data Provisioning Data Replication API (ODP-RFC) of an unspecified SAP product. The Remote Function Call (RFC) modules of ODP-RFC are missing caller identification of permitted SAP-internal applications, allowing customer or third-party applications to use them in unintended ways. This could lead to the disclosure of data, but doe [truncated]
A vulnerability was discovered in the SAP Application Server ABAP, which allows an authenticated user to execute a report generation command that could overwrite information belonging to another user, resulting in escalation of privileges. This vulnerability has a high impact on integrity, low impact on availability, and no impact on confidentiality of the application.
A vulnerability in SAP MDG (Review Match Groups Application) allows low-privileged users to perform actions restricted to higher-privileged users, resulting in privilege escalation. This has a medium CVSS score of 4.3, with low impact on integrity and no impact on confidentiality or availability.
A critical vulnerability was discovered in SAP NetWeaver Application Server ABAP and ABAP Platform. An authenticated attacker with normal privileges can obtain a valid signed message and send modified signed XML documents to the verifier, potentially leading to unauthorized access to sensitive user data and disruption of normal system usage.
A reflected cross-site scripting (XSS) vulnerability exists in SAP NetWeaver JAVA (JDBC Test Servlet). An unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of malicious content in the victim's browser. This could allow the attacker to access and/or modify informatio [truncated]
A SQL injection vulnerability was discovered in SAP S/4HANA (On-Premise) in a remote-enabled function module component. This flaw could be exploited by an authenticated attacker to potentially execute unauthorized database queries, exposing sensitive information to which they should not otherwise have access. The vulnerability has a high impact on the confidentiality of the data with no impact on the inte [truncated]
CVE-2026-44743 is a low-severity vulnerability in SAP Business Objects that leaks sensitive information when an unauthorized attacker accesses a specific endpoint. The vulnerability has a CVSS score of 3.7 and affects the confidentiality of data, with no impact on integrity and availability.
CVE-2026-40128 is a critical vulnerability in SAP NetWeaver Application Server Java (Web Container). An unauthenticated attacker can craft a malicious HTTP logon request to manipulate file inclusion parameters, enabling path traversal and processing of the included file. This could allow the attacker to view or modify sensitive information or render any part of the local system unavailable. The CVSS score [truncated]
A critical vulnerability, CVE-2026-27671, has been identified in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform. This vulnerability allows an unauthenticated attacker to send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could have a high impact on the confidentiality, integrity, and availability of the ap [truncated]
CVE-2026-24315 is a vulnerability in SAP Fiori Launchpad that allows attackers to craft malicious URLs, potentially leading to account compromise by stealing user credentials. The vulnerability has a CVSS score of 4.2 and is classified as MEDIUM severity. Successful exploitation requires advanced knowledge of the system and has a low impact on Confidentiality and Integrity, with no impact on Availability.
A content injection vulnerability in SAP Gateway allows authenticated attackers to manipulate error messages, potentially exposing request artifacts such as regex patterns and URI parsing logic. The vulnerability has a CVSS 3.1 score of 4.3 (Medium severity) with low impact on confidentiality; integrity and availability are unaffected. The issue was published by NVD on 2026-05-26 and classified under CWE- [truncated]
CVE-2026-23687 is a HIGH severity vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform. An authenticated attacker with normal privileges can exploit this vulnerability to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data, and potential disruptio [truncated]