Skip to main content

SAP NetWeaver AS ABAP CVE-2026-44760

| EUVDEUVD-2026-43590 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-07-14 sap GHSA-xvvp-5jh4-5684
4.7
CVSS 3.1 · Vendor: sap
Share

Severity by source

Vendor (sap) PRIMARY
4.7 MEDIUM
AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
vuln.today AI
4.7 MEDIUM

Network-accessible reflected XSS; AC:H for specific BSP parameter condition; UI:R for mandatory victim interaction; S:C for browser context pivot; no server availability impact.

3.1 AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:H/AT:P/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (sap).

CVSS VectorVendor: sap

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 01:20 vuln.today
CVE Published
Jul 14, 2026 - 00:20 cve.org
MEDIUM 4.7

DescriptionCVE.org

Due to a Cross-Site Scripting (XSS) vulnerability, applications based on Business Server Pages framework in SAP NetWeaver Application Server ABAP reflects unsanitized input into the HTTP response which allows an attacker to inject and execute arbitrary JavaScript code under certain conditions. Successful exploitation could allow the attacker to steal session information, perform authenticated actions on behalf of the victim user etc. This vulnerability has low impact on confidentiality and integrity of the data and no impact on application 's availability.

AnalysisAI

Reflected XSS in SAP NetWeaver Application Server ABAP's Business Server Pages (BSP) framework allows remote unauthenticated attackers to inject arbitrary JavaScript into HTTP responses when a victim user interacts with a crafted URL. Successful exploitation enables session token theft and execution of authenticated actions on behalf of the victim within the SAP web context. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify internet-facing BSP application endpoint
Delivery
Discover unsanitized reflected parameter via parameter fuzzing
Exploit
Craft URL embedding JavaScript payload
Execution
Deliver malicious URL to authenticated SAP user via phishing
Persist
Victim browser requests URL and executes injected script
Impact
Exfiltrate session cookie or invoke authenticated SAP transactions

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target SAP system exposes one or more BSP framework application endpoints over a network-reachable interface (consistent with AV:N), and that the specific BSP page and parameter being requested reflects user input unsanitized into the response - not all BSP pages or parameters are necessarily vulnerable, which aligns with the AC:H rating. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.7 Medium score with vector AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N presents a nuanced risk picture. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker identifies a BSP application endpoint on an internet-facing SAP NetWeaver system where a URL query parameter is reflected unsanitized into the response HTML. The attacker crafts a URL embedding a JavaScript payload (e.g., a cookie-stealing script) and delivers it to a logged-in SAP business user via a phishing email or poisoned internal hyperlink. …
Remediation Apply the fix documented in SAP Security Note 3754659 (https://me.sap.com/notes/3754659) as the primary remediation; the exact patched version must be confirmed directly from the note, as no specific release version is extractable from the available intelligence data (patch available per vendor advisory). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-44760 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy