Medium severity5.0NVD Advisory· Published Mar 10, 2026· Updated Jun 3, 2026
CVE-2026-27688
CVE-2026-27688
Description
Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially escalate their privileges and read the sensitive data, resulting in a limited impact on the confidentiality of the information stored. However, the integrity and availability of the system are not affected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: SAP_BASIS 700
Patches
Vulnerability mechanics
References
2- url.sap/sapsecuritypatchdaynvdVendor Advisory
- me.sap.com/notes/3704740nvdPermissions Required
News mentions
0No linked articles in our index yet.