4.3

CVE-2026-44749

Information Disclosure vulnerability in SAP Gateway

The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts (e.g., regex patterns) and revealing underlying URI parsing logic. Leading to low impact on confidentiality. Integrity and availability are unaffected.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerSAP_SE
Produkt SAP Gateway
Default Statusunaffected
Version SAP_GWFND 750
Status affected
Version 751
Status affected
Version 752
Status affected
Version 753
Status affected
Version 754
Status affected
Version 755
Status affected
Version 756
Status affected
Version 757
Status affected
Version 758
Status affected
Version SAP_BASIS 795
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.169
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cna@sap.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere

The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

https://url.sap/sapsecuritypatchday
https://me.sap.com/notes/3433366