CVE-2022-26102

CVE-2022-26102

Vendor Sap Se
Product SAP NetWeaver Application Server for ABAP
Weakness CWE-862 · Missing authorization
Published March 8, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even if he/she isn't authorized for that transaction. A successful exploitation could expose information and in worst case manipulate data before the start screen is executed, resulting in limited impact on confidentiality and integrity of the application.

Key dates

02Disclosure timeline

March 8, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-14350 Information disclosure via channel mentions in posts CVE-2025-62996 WordPress Custom Layouts – Post + Product grids made easy plugin <= 1.4.12 - Broken Access Control vulnerability CVE-2024-37456 WordPress Simple Newsletter Plugin – Noptin plugin <= 3.4.2 - Broken Access Control vulnerability CVE-2026-32562 WordPress PPWP plugin <= 1.9.15 - Broken Access Control vulnerability CVE-2025-22671 WordPress Disable Elementor Editor Translation plugin <= 1.0.2 - Broken Access Control vulnerability