{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23687", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2026-01-14T18:26:17.297Z", "datePublished": "2026-02-10T03:02:47.674Z", "dateUpdated": "2026-02-26T15:04:13.585Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP NetWeaver AS ABAP and ABAP Platform", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "SAP_BASIS 700"}, {"status": "affected", "version": "SAP_BASIS 701"}, {"status": "affected", "version": "SAP_BASIS 702"}, {"status": "affected", "version": "SAP_BASIS 731"}, {"status": "affected", "version": "SAP_BASIS 740"}, {"status": "affected", "version": "SAP_BASIS 750"}, {"status": "affected", "version": "SAP_BASIS 751"}, {"status": "affected", "version": "SAP_BASIS 752"}, {"status": "affected", "version": "SAP_BASIS 753"}, {"status": "affected", "version": "SAP_BASIS 754"}, {"status": "affected", "version": "SAP_BASIS 755"}, {"status": "affected", "version": "SAP_BASIS 756"}, {"status": "affected", "version": "SAP_BASIS 757"}, {"status": "affected", "version": "SAP_BASIS 758"}, {"status": "affected", "version": "SAP_BASIS 804"}, {"status": "affected", "version": "SAP_BASIS 816"}, {"status": "affected", "version": "SAP_BASIS 916"}, {"status": "affected", "version": "SAP_BASIS 917"}, {"status": "affected", "version": "SAP_BASIS 918"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage.</p>"}], "value": "SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "description": "CWE-347: Improper Verification of Cryptographic Signature", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-02-10T03:02:47.674Z"}, "references": [{"url": "https://me.sap.com/notes/3697567"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "XML Signature Wrapping in SAP NetWeaver AS ABAP and ABAP Platform", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23687", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-11T04:56:16.147572Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:04:13.585Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-23687", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-11T04:56:16.147572Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T20:15:21.782Z"}}], "cna": {"title": "XML Signature Wrapping in SAP NetWeaver AS ABAP and ABAP Platform", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP NetWeaver AS ABAP and ABAP Platform", "versions": [{"status": "affected", "version": "SAP_BASIS 700"}, {"status": "affected", "version": "SAP_BASIS 701"}, {"status": "affected", "version": "SAP_BASIS 702"}, {"status": "affected", "version": "SAP_BASIS 731"}, {"status": "affected", "version": "SAP_BASIS 740"}, {"status": "affected", "version": "SAP_BASIS 750"}, {"status": "affected", "version": "SAP_BASIS 751"}, {"status": "affected", "version": "SAP_BASIS 752"}, {"status": "affected", "version": "SAP_BASIS 753"}, {"status": "affected", "version": "SAP_BASIS 754"}, {"status": "affected", "version": "SAP_BASIS 755"}, {"status": "affected", "version": "SAP_BASIS 756"}, {"status": "affected", "version": "SAP_BASIS 757"}, {"status": "affected", "version": "SAP_BASIS 758"}, {"status": "affected", "version": "SAP_BASIS 804"}, {"status": "affected", "version": "SAP_BASIS 816"}, {"status": "affected", "version": "SAP_BASIS 916"}, {"status": "affected", "version": "SAP_BASIS 917"}, {"status": "affected", "version": "SAP_BASIS 918"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3697567"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage.", "supportingMedia": [{"type": "text/html", "value": "<p>SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-347", "description": "CWE-347: Improper Verification of Cryptographic Signature"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-02-10T03:02:47.674Z"}}}, "cveMetadata": {"cveId": "CVE-2026-23687", "state": "PUBLISHED", "dateUpdated": "2026-02-26T15:04:13.585Z", "dateReserved": "2026-01-14T18:26:17.297Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2026-02-10T03:02:47.674Z", "assignerShortName": "sap"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:sap_basis:700:*:*:*:*:*:*:*", "matchCriteriaId": "85616273-040E-49CB-8EB6-D2D4D7B603E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:701:*:*:*:*:*:*:*", "matchCriteriaId": "C5F2C3A9-DCC0-4FF1-8E68-9EA150E209F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:702:*:*:*:*:*:*:*", "matchCriteriaId": "6F774A45-2A9F-4873-A5DC-766D030C8CCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:731:*:*:*:*:*:*:*", "matchCriteriaId": "D3A0A2D6-9259-4A35-A236-F4BEE986C1FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:740:*:*:*:*:*:*:*", "matchCriteriaId": "49C3A8E5-FA6A-4EF3-BF50-FD4E1576024F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:750:*:*:*:*:*:*:*", "matchCriteriaId": "ABA8AB4E-3FE6-46A8-847E-660C5DF6CE71", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:751:*:*:*:*:*:*:*", "matchCriteriaId": "6DA4A6F0-C0F1-42CB-8BBD-7198064733EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:752:*:*:*:*:*:*:*", "matchCriteriaId": "8C121CC9-26F6-4103-8EB0-BAFF6B5B5FE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:753:*:*:*:*:*:*:*", "matchCriteriaId": "86086D00-10BF-4C55-8D87-82CCBE468153", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:754:*:*:*:*:*:*:*", "matchCriteriaId": "2F25246A-D9E5-4F0D-B91A-478D4E5570DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:755:*:*:*:*:*:*:*", "matchCriteriaId": "0218695F-C4AD-46BF-B176-F10C644A9C2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:756:*:*:*:*:*:*:*", "matchCriteriaId": "FC9E7C3E-1005-450A-9198-E014C1BAADBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:757:*:*:*:*:*:*:*", "matchCriteriaId": "3A177AB1-CC85-46EF-91DF-462096608C9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:758:*:*:*:*:*:*:*", "matchCriteriaId": "F7591F81-708C-4285-9BB2-F2B4BDB9759B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:804:*:*:*:*:*:*:*", "matchCriteriaId": "678CFB4C-1FD5-469F-AB56-9E8E80664EF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:916:*:*:*:*:*:*:*", "matchCriteriaId": "09BB40FF-37CE-49CF-B90E-1E17C1343EE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:917:*:*:*:*:*:*:*", "matchCriteriaId": "EFA758D6-0480-4A04-B341-476BB938F35E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:sap_basis:918:*:*:*:*:*:*:*", "matchCriteriaId": "2E7F598D-F876-4FCC-A807-EBA95884AA5E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information, unauthorized access to sensitive user data and potential disruption of normal system usage."}, {"lang": "es", "value": "SAP NetWeaver Servidor de Aplicaciones ABAP y Plataforma ABAP permite a un atacante autenticado con privilegios normales obtener un mensaje firmado v\u00e1lido y enviar documentos XML firmados modificados al verificador. Esto puede resultar en la aceptaci\u00f3n de informaci\u00f3n de identidad manipulada, acceso no autorizado a datos de usuario sensibles y una posible interrupci\u00f3n del uso normal del sistema."}], "id": "CVE-2026-23687", "lastModified": "2026-02-17T16:12:35.840", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@sap.com", "type": "Primary"}]}, "published": "2026-02-10T04:16:03.180", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3697567"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "cna@sap.com", "type": "Primary"}]}

{}