9.8
CVE-2026-27671
- EPSS 0.44%
- Veröffentlicht 09.06.2026 00:20:04
- Zuletzt bearbeitet 09.06.2026 02:08:28
- Quelle cna@sap.com
- CVE-Watchlists
- Unerledigt
Memory Corruption vulnerability in Application Server ABAP of SAP NetWeaver and ABAP Platform
Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high impact on the confidentiality, integrity, and availability of the application.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSAP_SE
≫
Produkt
SAP NetWeaver AS ABAP and ABAP Platform
Default Statusunaffected
Version
KRNL64NUC 7.22
Status
affected
Version
7.22EXT
Status
affected
Version
KRNL64UC 7.22
Status
affected
Version
722EXT
Status
affected
Version
7.53
Status
affected
Version
KERNEL 7.22
Status
affected
Version
7.54
Status
affected
Version
7.77
Status
affected
Version
7.89
Status
affected
Version
7.93
Status
affected
Version
9.16
Status
affected
Version
9.18
Status
affected
Version
91.9
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.44% | 0.348 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| cna@sap.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-121 Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://url.sap/sapsecuritypatchday
https://me.sap.com/notes/3717897