{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T13:52:11.852","vulnerabilities":[{"cve":{"id":"CVE-2026-0506","sourceIdentifier":"cna@sap.com","published":"2026-01-13T02:15:53.277","lastModified":"2026-01-22T18:48:00.860","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Due to a Missing Authorization Check vulnerability in Application Server ABAP and ABAP Platform, an authenticated attacker could misuse an RFC function to execute form routines (FORMs) in the ABAP system. Successful exploitation could allow the attacker to write or modify data accessible via FORMs and invoke system functionality exposed via FORMs, resulting in a high impact on integrity and availability, while confidentiality remains unaffected."},{"lang":"es","value":"Debido a una vulnerabilidad por falta de verificación de autorización en el Servidor de Aplicaciones ABAP y la Plataforma ABAP, un atacante autenticado podría hacer un uso indebido de una función RFC para ejecutar rutinas de formulario (FORMs) en el sistema ABAP. La explotación exitosa podría permitir al atacante escribir o modificar datos accesibles a través de FORMs e invocar funcionalidad del sistema expuesta a través de FORMs, resultando en un alto impacto en la integridad y la disponibilidad, mientras que la confidencialidad no se ve afectada."}],"metrics":{"cvssMetricV31":[{"source":"cna@sap.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"cna@sap.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:sap_basis:*:*:*","matchCriteriaId":"6F048ED9-2DDF-4EB9-8571-73832AFABF6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:sap_basis:*:*:*","matchCriteriaId":"C37DC475-6B9A-493C-9A6F-28CDD65D2A5B"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:sap_basis:*:*:*","matchCriteriaId":"2BD9FE51-F76C-439A-A3C0-5279EC1059F7"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:sap_basis:*:*:*","matchCriteriaId":"4EB54432-0E1A-45F2-BEE1-8DC28FAADA9F"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:sap_basis:*:*:*","matchCriteriaId":"8E96C58C-ED44-487B-A67E-FDAE3C29023A"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:sap_basis:*:*:*","matchCriteriaId":"A14DF5EB-B8CE-4A47-9959-2F65A5DCEF5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:sap_basis:*:*:*","matchCriteriaId":"3E0CA53D-4335-4872-B527-30802E31B893"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:sap_basis:*:*:*","matchCriteriaId":"419BA423-0803-4F51-8889-014A521F02CE"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:sap_basis:*:*:*","matchCriteriaId":"DA20ECDC-8807-462C-A0F0-70DF6F5A119B"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:sap_basis:*:*:*","matchCriteriaId":"800AAC21-325C-4F16-AE5A-9F89327E5356"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:sap_basis:*:*:*","matchCriteriaId":"BDC15DB7-A95B-475F-AAA6-60A801F65690"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:sap_basis:*:*:*","matchCriteriaId":"55A2FECF-A32E-4188-9563-E8BA0E952261"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:sap_basis:*:*:*","matchCriteriaId":"9CBF2E53-17F0-4BF0-9C38-749C7E611BF4"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:758:*:*:*:sap_basis:*:*:*","matchCriteriaId":"5160572B-E3AB-4B96-8950-07DDAFA0E4A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_abap:816:*:*:*:sap_basis:*:*:*","matchCriteriaId":"32888162-53F9-4598-8C04-E4A4903AAB57"}]}]}],"references":[{"url":"https://me.sap.com/notes/3688703","source":"cna@sap.com","tags":["Permissions Required"]},{"url":"https://url.sap/sapsecuritypatchday","source":"cna@sap.com","tags":["Patch","Vendor Advisory"]}]}}]}