Skip to main content

Sap Gateway

1 CVEs product

Monthly

CVE-2026-44749 MEDIUM This Month

Content injection into SAP Gateway error messages exposes internal implementation details - specifically regex patterns and URI parsing logic - to authenticated remote attackers. Affecting SAP Gateway versions 750 through 758 and SAP_BASIS 795, the flaw allows an attacker with low-level network credentials to craft inputs that surface sensitive system internals via error responses. Confidentiality impact is rated low; integrity and availability are unaffected. No active exploitation is confirmed (CISA KEV absent), and EPSS sits at 0.01%, consistent with SSVC's 'exploitation: none' assessment.

Code Injection SAP Sap Gateway
NVD
CVSS 3.1
4.3
EPSS
0.0%
EPSS 0% CVSS 4.3
MEDIUM This Month

Content injection into SAP Gateway error messages exposes internal implementation details - specifically regex patterns and URI parsing logic - to authenticated remote attackers. Affecting SAP Gateway versions 750 through 758 and SAP_BASIS 795, the flaw allows an attacker with low-level network credentials to craft inputs that surface sensitive system internals via error responses. Confidentiality impact is rated low; integrity and availability are unaffected. No active exploitation is confirmed (CISA KEV absent), and EPSS sits at 0.01%, consistent with SSVC's 'exploitation: none' assessment.

Code Injection SAP Sap Gateway
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy