Vulners
Lucene search
SAP NetWeaver AS ABAP Open Redirect (3692004)
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | CVE-2026-34257 | 14 Apr 202600:08 | – | attackerkb |
 | CVE-2026-34257 | 14 Apr 202604:11 | – | circl |
 | SAP NetWeaver Application Server ABAP 输入验证错误漏洞 | 14 Apr 202600:00 | – | cnnvd |
 | CVE-2026-34257 | 14 Apr 202600:08 | – | cve |
 | CVE-2026-34257 Open Redirect vulnerability in SAP NetWeaver Application Server ABAP | 14 Apr 202600:08 | – | cvelist |
 | EUVD-2026-22168 | 14 Apr 202600:08 | – | euvd |
 | Vulnerabilities fixed in SAP products | 14 Apr 202612:55 | – | ncsc |
 | CVE-2026-34257 | 14 Apr 202601:16 | – | nvd |
 | PT-2026-32567 | 14 Apr 202600:00 | – | ptsecurity |
 | CVE-2026-34257 Open Redirect vulnerability in SAP NetWeaver Application Server ABAP | 14 Apr 202600:08 | – | vulnrichment |
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(306732);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/20");
script_cve_id("CVE-2026-34257");
script_xref(name:"IAVA", value:"2026-A-0328");
script_name(english:"SAP NetWeaver AS ABAP Open Redirect (3692004)");
script_set_attribute(attribute:"synopsis", value:
"The remote SAP NetWeaver ABAP server is affected by an open redirect vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of SAP NetWeaver AS ABAP and ABAP Platform detected on the remote host is affected by an open redirect
vulnerability as referenced in the SAP Security Patch Day April 2026:
- Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated
attacker could craft malicious URL that, if accessed by a victim, they could be redirected to the page
controlled by the attacker. This causes low impact on confidentiality and integrity of the application
with no impact on availability. (CVE-2026-34257)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://me.sap.com/notes/3692004");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-34257");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2026/04/14");
script_set_attribute(attribute:"patch_publication_date", value:"2026/04/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/16");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:sap:netweaver_application_server");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Web Servers");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("sap_netweaver_as_web_detect.nbin");
script_require_keys("installed_sw/SAP Netweaver Application Server (AS)", "Settings/ParanoidReport");
script_require_ports("Services/www", 80, 443, 8000, 50000);
exit(0);
}
include('vcf_extras_sap.inc');
if (report_paranoia < 2) audit(AUDIT_PARANOID);
var app_info = vcf::sap_netweaver_as::get_app_info();
var fix = 'See vendor advisory';
var constraints = [
{'equal' : '700', 'fixed_display' : fix },
{'equal' : '701', 'fixed_display' : fix },
{'equal' : '702', 'fixed_display' : fix },
{'equal' : '731', 'fixed_display' : fix },
{'equal' : '740', 'fixed_display' : fix },
{'equal' : '750', 'fixed_display' : fix },
{'equal' : '752', 'fixed_display' : fix },
{'equal' : '753', 'fixed_display' : fix },
{'equal' : '754', 'fixed_display' : fix },
{'equal' : '755', 'fixed_display' : fix },
{'equal' : '756', 'fixed_display' : fix },
{'equal' : '757', 'fixed_display' : fix },
{'equal' : '758', 'fixed_display' : fix },
{'equal' : '816', 'fixed_display' : fix }
];
vcf::sap_netweaver_as::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_WARNING,
abap:TRUE
);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
20 Apr 2026 00:00Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.16.1
EPSS0.00056
SSVC