CNNVD-202602-1700 Information

Feb 10, 2026 cve

CNNVD ID

CNNVD-202602-1700

CVE-2026-23687

  • CNNVD Published: 2026-02-10

Description (Chinese)

SAP AS ABAP和SAP NetWeaver ABAP Platform都是德国思爱普(SAP)公司的产品。SAP AS ABAP是一个 SAP 软件的开发工具。SAP NetWeaver ABAP Platform是一个一体化技术平台。 SAP AS ABAP和SAP NetWeaver ABAP Platform存在数据伪造问题漏洞,该漏洞源于允许经过身份验证的普通权限攻击者获取有效签名消息并发送修改后的签名XML文档,可能导致接受被篡改的身份信息、未经授权访问敏感用户数据以及可能中断正常系统使用。

Description (English)

SAP AS ABAP and SAP NetWeaver ABAP Platform are products of SAP Germany. SAP AS ABAP is a development tool for SAP software. SAP NetWeaver ABAP Platform is an integrated technology platform. SAP AS ABAP and SAP NetWeaver ABAP Platform have a loophole in data forgery, which stems from the fact that it allows a commonly authorized identity attacker to obtain a valid signature message and send a modified signature XML file, which may lead to the acceptance of altered identity information, unauthorized access to sensitive user data and possible disruption of normal system use.

Hazard Level

Medium

Vulnerability Type

数据伪造问题

Affected Vendor

思爱普

Published

2026-02-10

Last Modified

2026-02-24

References

https://me.sap.com/notes/3697567 https://url.sap/sapsecuritypatchday

Patch

https://me.sap.com/notes/3697567

Share on: