4.3
CVE-2026-27680
- EPSS 0.17%
- Veröffentlicht 14.05.2026 18:33:26
- Zuletzt bearbeitet 03.06.2026 19:27:45
- Quelle cna@sap.com
- CVE-Watchlists
- Unerledigt
CSS Injection vulnerability in SAP NetWeaver Application Server ABAP
Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result, the issue has a low impact on confidentiality, while integrity and availability are not impacted.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Netweaver Application Server Abap Version758 SwEditionsap_ui
SAP ≫ Netweaver Application Server Abap Version816
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.069 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
|
| cna@sap.com | 3.1 | 1.6 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
https://url.sap/sapsecuritypatchday
https://me.sap.com/notes/3665042