Back to CVE List

CVE-2026-24315

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
4.2 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Vulnerability Description

SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system causing low impact on Confidentiality and Integrity. Availability of the system is no impacted.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-35
Source
NVD
Vendor
SAP_SE
Product
SAP Fiori (launchpad)

External References

Discussion (0)

Add Comment

No comments yet. Be the first!